EvilBunny Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

Sprache

en	90
zh	4
pl	4
pt	4
fr	2

Land

us	74
gb	8
cn	6
ru	4
fr	4

Akteure

EvilBunny	3
Qakbot	1
Crimeware	1
Nanocore	1
Upatre	1

Interesse

Typ

Not Defined	32
Operating System	12
Smartphone Operating System	10
Web Server	6
Hosting Control Software	4

Hersteller

Not Defined	32
Apple	6
Google	6
Apache	6
Samsung	4

Produkt

Apple macOS	6
Google Android	6
Samsung Galaxy S4	4
Samsung Galaxy S6	4
Samsung Note 3	4

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	vBulletin moderation.php SQL Injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.01	0.00284	CVE-2016-6195
2	IBM WebSphere Host On-Demand Remote Code Execution	7.3	6.9	$25k-$100k	$5k-$25k	Proof-of-Concept	Not Defined	0.04	0.01923	CVE-2006-6537
3	Apple iOS/iPadOS Assets Local Privilege Escalation	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2020-9979
4	nuxt erweiterte Rechte	8.4	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00090	CVE-2023-3224
5	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.57	0.00943	CVE-2010-0966
6	wp-google-maps Plugin REST API class.rest-api.php erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.97373	CVE-2019-10692
7	GNU Tar Remote Code Execution	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00634	CVE-2005-2541
8	PHP PHAR phar_dir_read Pufferüberlauf	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00126	CVE-2023-3824
9	Siemens RUGGEDCOM ROX I Web Interface File Information Disclosure	5.4	5.3	$5k-$25k	Wird berechnet	Not Defined	Workaround	0.00	0.00119	CVE-2017-2686
10	radsecproxy Peer Discovery DNS Record naptr-eduroam.sh erweiterte Rechte	5.6	5.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.03	0.00286	CVE-2021-32642
11	Wiki.js Storage Module Directory Traversal	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00170	CVE-2020-15236
12	Jupyter Core jupyter_core erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00296	CVE-2022-39286
13	Grafana Dashboard erweiterte Rechte	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00044	CVE-2023-2801
14	Dojo Toolkit DataGrid String Injection erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00531	CVE-2018-15494
15	Ovidentia CMS index.php SQL Injection	4.3	4.1	$0-$5k	Wird berechnet	Proof-of-Concept	Not Defined	0.07	0.00089	CVE-2021-29343
16	SourceCodester Online Computer and Laptop Store index.php SQL Injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00075	CVE-2023-1953
17	SourceCodester Online Computer and Laptop Store Subcategory SQL Injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00075	CVE-2023-1957
18	FreeBSD Listening Socket accf_create Pufferüberlauf	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2021-29627
19	Microsoft Windows ICMP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.02758	CVE-2023-23415
20	Oracle HTTP Server SSL Module Pufferüberlauf	9.8	9.6	$100k und mehr	$5k-$25k	Not Defined	Official Fix	0.02	0.15087	CVE-2022-23943

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	1.9.32.11		EvilBunny	01.01.2021	verifiziert	High
2	8.5.1.34		EvilBunny	01.01.2021	verifiziert	High
3	64.15.136.137		EvilBunny	01.01.2021	verifiziert	High
4	66.45.225.11		EvilBunny	01.01.2021	verifiziert	High
5	XX.XX.XX.XXX	xxx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
6	XX.XX.XX.XX	xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
7	XX.XXX.XXX.XX	xx-xx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
8	XX.XX.XXX.XXX		Xxxxxxxxx	01.01.2021	verifiziert	High
9	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
10	XX.XX.XXX.XX	xxxxx.xxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
11	XX.XX.XX.XX	xxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
12	XX.X.XXX.XXX	xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
13	XX.XX.XX.XXX	xxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
14	XX.XX.XX.XXX	xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
15	XX.XXX.XXX.XXX	xxxxxxxx.xxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
16	XX.XXX.XXX.XXX		Xxxxxxxxx	01.01.2021	verifiziert	High
17	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
18	XXX.XXX.XX.XX	xxxxxxxxxx.xxxxxxx.xxx.xxx	Xxxxxxxxx	01.01.2021	verifiziert	High
19	XXX.XX.XXX.XXX		Xxxxxxxxx	01.01.2021	verifiziert	High
20	XXX.XX.XXX.XXX		Xxxxxxxxx	01.01.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-21, CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/admin/sales/index.php	prädiktiv	High
2	File	/category.php	prädiktiv	High
3	File	/classes/Master.php?f=save_sub_category	prädiktiv	High
4	File	/error	prädiktiv	Low
5	File	/etc/passwd	prädiktiv	Medium
6	File	/getcfg.php	prädiktiv	Medium
7	File	awredir.pl	prädiktiv	Medium
8	File	xxx_xx_xxxxxx_xx.xx	prädiktiv	High
9	File	xxxxx/xxxx/xxxxxxxx	prädiktiv	High
10	File	xx_xxxxxxx	prädiktiv	Medium
11	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	prädiktiv	High
12	File	xx/xxxxx.x	prädiktiv	Medium
13	File	xxx/xxxxxx.xxx	prädiktiv	High
14	File	xxxxxxxx/xxxxx.xxxx-xxx.xxx	prädiktiv	High
15	File	xxxxx.xxx	prädiktiv	Medium
16	File	xxxxx.xxx	prädiktiv	Medium
17	File	xxxxxxx.xxx	prädiktiv	Medium
18	File	xxxxxxxxxx/xxx.x	prädiktiv	High
19	File	xxxxxxxxxx/xxxxxx.x	prädiktiv	High
20	File	xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx	prädiktiv	High
21	File	xxx/xxx_xxxx_xxx.x	prädiktiv	High
22	File	xxxxxxx/xxxxxxx/xxx_xxxxxxx.x	prädiktiv	High
23	File	xxxxx-xxxxxxx.xx	prädiktiv	High
24	File	xxx-xxxx.xxx	prädiktiv	Medium
25	File	xxxxx.xxx	prädiktiv	Medium
26	File	xxxxxxxxxxxx.xxx	prädiktiv	High
27	File	xxx_xxxxxxx.xxx	prädiktiv	High
28	File	xxxxxx_xxx.xxx	prädiktiv	High
29	File	xxxx/xxxxxxxxx.x	prädiktiv	High
30	File	xxxx/xxx/xxxx-xxxxx.xxx	prädiktiv	High
31	File	xxxx/xxxxxxxx.xxx	prädiktiv	High
32	File	xxxxxxxxxxxxxxxxx.xxx	prädiktiv	High
33	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	prädiktiv	High
34	File	xx-xxxxxxxxxxx.xxx	prädiktiv	High
35	Argument	xxx_xxxx	prädiktiv	Medium
36	Argument	xxxxxxxx	prädiktiv	Medium
37	Argument	xxxx_xxxxx/xxxx_xxx	prädiktiv	High
38	Argument	xx	prädiktiv	Low
39	Argument	xxxxxxx[xxxxxx]	prädiktiv	High
40	Argument	xxxxxx	prädiktiv	Low
41	Argument	xxxx	prädiktiv	Low
42	Argument	xx	prädiktiv	Low
43	Argument	xx/x	prädiktiv	Low
44	Argument	xxxxxxxxxxx	prädiktiv	Medium
45	Argument	xxxxxx	prädiktiv	Low
46	Argument	xxxxxxxxx_xxxxxxxx_xxxx	prädiktiv	High
47	Argument	xxx	prädiktiv	Low
48	Argument	xxxxxxx	prädiktiv	Low
49	Argument	xxxxxx	prädiktiv	Low
50	Argument	xxxxxxxxxxxxxxxxx	prädiktiv	High
51	Argument	xxxxxxxx	prädiktiv	Medium
52	Argument	xxx	prädiktiv	Low
53	Argument	xxx_xxxxxxxx	prädiktiv	Medium
54	Argument	xxxxx	prädiktiv	Low
55	Argument	__xxxxxxxxxxxxx	prädiktiv	High
56	Input Value	xxxxx/xxxxxxxx	prädiktiv	High
57	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	prädiktiv	High
58	Network Port	xxx/xxxxx	prädiktiv	Medium
59	Network Port	xxx xxxxxx xxxx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!