REvil Analysis

Activities

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

  • en: 250
  • de: 37
  • sv: 6
  • zh: 3
  • es: 2

Country

  • us: 84
  • de: 33
  • ru: 19
  • gb: 15
  • cn: 8

[Charts: Actors, Activities, Interest, Type. The data shown in these charts is dummy data, distorted and not usable in any way; real data is available only in the unlocked view.]

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.31 | 
3 | Drupal File unrestricted upload | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-13671
4 | Dnsmasq Pending Request security check for standard | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-25686
5 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.07 | CVE-2010-2338
6 | Acyba AcyMailing File Upload unrestricted upload | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-10934
7 | OpenResty API ngx_http_lua_subrequest.c request smuggling | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11724
8 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-7132
9 | Miraserver newsitem.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 
10 | PRTG Network Monitor login.htm access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-19410
11 | XStream denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-21341
12 | Eclipse Jetty Content-Length Header data processing | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2017-7658
13 | Zoho ManageEngine ADAudit xml external entity reference | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-28219
14 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.21 | CVE-2022-22963
15 | PHP EXIF exif_process_IFD_in_MAKERNOTE memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-9639
16 | HP Network Switch access control | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2015-6859
17 | Microsoft Windows Fax/Scan Service Privilege Escalation | 8.1 | 7.6 | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.17 | CVE-2022-24459
18 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.0 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.24 | CVE-2022-23285
19 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 8.2 | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.21 | CVE-2022-21990
20 | FacileForms facileforms.frame.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2008-2990

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2019-2725

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (160)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (7)

The following list contains external sources which discuss the actor and the associated activities:
