Evilnum Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

Sprache

en	48
de	6
ru	2
fr	2

Land

io	42
us	8
ru	4
se	4

Akteure

Evilnum	3
Azorult	3
Remcos	2
TrickBot	2
Ave Maria	2

Interesse

Typ

Not Defined	24
Smartphone Operating System	6
Programming Language Software	4
Network Management Software	2
Document Reader Software	2

Hersteller

Not Defined	22
Microsoft	4
Huawei	4
Adobe	2
Early Impact	2

Produkt

Huawei P30	4
AnyDesk	2
PRTG Network Monitor	2
Adobe Acrobat Reader	2
Microsoft Internet Explorer	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	unrar Pufferüberlauf	8.5	7.7	$25k-$100k	Wird berechnet	Proof-of-Concept	Official Fix	0.02	0.02417	CVE-2012-6706
2	OpenResty ngx.req.get_post_args SQL Injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00637	CVE-2018-9230
3	PRTG Network Monitor login.htm erweiterte Rechte	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00288	CVE-2018-19410
4	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.57	0.00943	CVE-2010-0966
5	democracy-poll Plugin Cross Site Request Forgery	6.5	6.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00085	CVE-2017-18521
6	democracy-poll Plugin class.DemAdminInit.php update_l10n Cross Site Scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00084	CVE-2017-18520
7	FileOrbis File Management System Privilege Escalation	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00096	CVE-2022-3693
8	Atlassian JIRA Server/Data Center Email Template Privilege Escalation	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00199	CVE-2021-43947
9	phpMyAdmin Setup Cross Site Scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01039	CVE-2022-23808
10	Microsoft Exchange Server Outlook Web Access unbekannte Schwachstelle	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-0817
11	Microsoft Exchange Server Outlook Web Access erweiterte Rechte	7.2	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00327	CVE-2017-11932
12	Alcatel-Lucent Voice Mail System schwache Authentisierung	9.8	9.8	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00856	CVE-2007-1822
13	Qiku 360 Phone N6 Pro Kernel Module mmcblk0rpmb Denial of Service	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00082	CVE-2018-18318
14	MailEnable Enterprise Premium XML Data XML External Entity	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00224	CVE-2019-12924
15	MailEnable Web Mail list.asp Cross Site Scripting	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.02450	CVE-2007-0651
16	Synology DiskStation Manager smart.cgi erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.11909	CVE-2017-15889
17	AuYou Wireless Smart Outlet Socket Remote Control Straisand schwache Authentisierung	6.3	5.8	$5k-$25k	Wird berechnet	Proof-of-Concept	Workaround	0.00	0.00000
18	Huawei Smart Phone Bastet Module Pufferüberlauf	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09	0.00072	CVE-2019-5282
19	Huawei P30 Pufferüberlauf	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00073	CVE-2019-5287
20	Huawei P30 Pufferüberlauf	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00073	CVE-2019-5288

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	5.206.227.72		EVILNUM	03.06.2022	verifiziert	High
2	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxxx-xxx	Xxxxxxx	31.05.2021	verifiziert	High
3	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxxxx	31.05.2021	verifiziert	High
4	XXX.XX.XXX.XX	xxxxxx-xx.xxxxxxxxxxx.xx	Xxxxxxx	31.05.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22, CWE-35	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/dev/block/mmcblk0rpmb	prädiktiv	High
2	File	/etc/shadow	prädiktiv	Medium
3	File	/public/login.htm	prädiktiv	High
4	File	admin/class.DemAdminInit.php	prädiktiv	High
5	File	auth-gss2.c	prädiktiv	Medium
6	File	xxxxx.xxx	prädiktiv	Medium
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
8	File	xxxxx/xxx/xxxx.xxx	prädiktiv	High
9	File	xxxx.xxx	prädiktiv	Medium
10	File	xxx/xxxxxx.xxx	prädiktiv	High
11	File	xxxxx.xxx	prädiktiv	Medium
12	File	xxxxx.xxxxxxx.xxx	prädiktiv	High
13	File	xxxx_xxxx.xxx	prädiktiv	High
14	File	xxxxxxxxx/xxxxxxxx.xxx	prädiktiv	High
15	File	xxxxxx.xxx	prädiktiv	Medium
16	File	xxx_xxxxx.xxx	prädiktiv	High
17	File	xxxxxxxx.xxxxx	prädiktiv	High
18	File	xxxxxxxx.xxx	prädiktiv	Medium
19	File	xxxxxxx_xxxxxxx.xxx	prädiktiv	High
20	File	xxxxxx/xxxxx/xxxx/xxxxxxx.xxxx	prädiktiv	High
21	File	xxxx_xxxxxxx_xxxxxxxx.xxx	prädiktiv	High
22	File	xxxxx.xxx	prädiktiv	Medium
23	File	xxxxxxx.xxx	prädiktiv	Medium
24	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxx-xxxx&xxxxxxx=xxxx	prädiktiv	High
25	Library	xxxxxxx.xxx	prädiktiv	Medium
26	Argument	xxxxxxxx	prädiktiv	Medium
27	Argument	xxxxxx	prädiktiv	Low
28	Argument	xxxxx	prädiktiv	Low
29	Argument	xxx_xx	prädiktiv	Low
30	Argument	xxxx_xx	prädiktiv	Low
31	Argument	xxxx/xxxx	prädiktiv	Medium
32	Argument	xxxxxxx	prädiktiv	Low
33	Argument	xxxx	prädiktiv	Low
34	Argument	xxxx_xxxxxx	prädiktiv	Medium
35	Argument	xx	prädiktiv	Low
36	Argument	xxxxxxxxxx	prädiktiv	Medium
37	Argument	xxxx_xx	prädiktiv	Low
38	Argument	xxxx	prädiktiv	Low
39	Argument	xxxxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxxxxx	prädiktiv	High
40	Argument	xxx	prädiktiv	Low
41	Network Port	xx xxxxxxx xxx.xx.xx.xx	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!