REvil Analysis

IOB - Indicator of Behavior (351)

Charts in this section (Timeline, Lang, Country, Actors; Activities / Interest: Timeline, Type, Vendor, Product) are not reproduced here: the page states that the chart data shown in this view is dummy data and not usable.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.19 | 0.01139 | CVE-2007-6138 |
| 3 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.41 | 0.01139 | CVE-2010-2338 |
| 4 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.00 | 0.00000 | |
| 5 | Tenhot TWS-100 Network Diagnostic os command injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-37861 |
| 6 | HP Network Switch access control | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2015-6859 |
| 7 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.31 | 0.29797 | CVE-2014-4078 |
| 8 | Drupal File unrestricted upload | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00890 | CVE-2020-13671 |
| 9 | Dnsmasq Pending Request security check | 4.7 | 4.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.14862 | CVE-2020-25686 |
| 10 | Acyba AcyMailing File Upload unrestricted upload | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2020-10934 |
| 11 | OpenResty API ngx_http_lua_subrequest.c request smuggling | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01018 | CVE-2020-11724 |
| 12 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-7132 |
| 13 | Miraserver newsitem.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | |
| 14 | PRTG Network Monitor login.htm access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.09029 | CVE-2018-19410 |
| 15 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-23797 |
| 16 | libssh scp Client ssh_scp_new command injection | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01282 | CVE-2019-14889 |
| 17 | Telegram Web K Alpha Document Extension Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-40532 |
| 18 | SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00885 | CVE-2022-4273 |
| 19 | Website Baker Login class.login.php is_remembered sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.01319 | CVE-2007-0527 |
| 20 | Mikrotik RouterOS Hotspot Process out-of-bounds | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01086 | CVE-2022-45313 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2019-2725

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (181)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (7)

The following list contains external sources which discuss the actor and the associated activities:
