EvilGnome Analysis

IOB - Indicator of Behavior (49)

Timeline

Language: en (48), zh (2)

Country: ru (44), us (6)

Actors

Activities

Interest

Timeline

Type

Vendor

Product: Joomla CMS (4), Microsoft Office (2), b2evolution CMS (2), SquirrelMail (2), Oracle MySQL Server (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Veritas NetBackup bpcd privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00470 | 0.02 | CVE-2015-6550 |
| 3 | cnoa OA weak authentication | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.05 | CVE-2023-2799 |
| 4 | SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-31254 |
| 5 | Signiant Manager+Agents XML External Entity | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00221 | 0.00 | CVE-2021-46660 |
| 6 | Philips Engage Software privilege escalation | 2.9 | 2.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2021-23173 |
| 7 | b2evolution CMS User Login sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00204 | 0.00 | CVE-2021-31632 |
| 8 | WordPress Sandbox flashmediaelement.swf Cross-Domain privilege escalation | 6.0 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.00 | CVE-2016-9263 |
| 9 | Oracle MySQL Server Encryption information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.00 | CVE-2019-2923 |
| 10 | Notepad++ Scintilla SciLexer.dll privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00598 | 0.05 | CVE-2019-16294 |
| 11 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988 |
| 12 | Dahuasecurity Dvr5408 Authorization privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00302 | 0.00 | CVE-2013-5754 |
| 13 | Dahua IP Camera/IP PTZ Temporary Password weak encryption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00601 | 0.03 | CVE-2017-9315 |
| 14 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796 |
| 15 | WordPress pluggable.php wp_validate_redirect Redirect | 8.0 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00650 | 0.03 | CVE-2016-2221 |
| 16 | Axesstel MU553S ConfigSet cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2017-11350 |
| 17 | Microsoft Office Remote Code Execution | 7.0 | 6.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.42171 | 0.13 | CVE-2017-0262 |
| 18 | Google Chrome URI privilege escalation | 5.4 | 4.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00408 | 0.00 | CVE-2012-4906 |
| 19 | Joomla CMS sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00264 | 0.00 | CVE-2013-1453 |
| 20 | Joomla CMS Password Reset privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00150 | 0.04 | CVE-2012-1598 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 195.62.52.101 | 52-101.static.ipcserver.net | EvilGnome | | 12/02/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1068 | CAPEC-19 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 2 | T1078.001 | | CWE-259 | Use of Hard-coded Password | predictive | High |
| 3 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /index.php?app=main&func=passport&action=login | predictive | High |
| 2 | File | cgi-bin/ConfigSet | predictive | High |
| 3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 4 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 6 | Library | xxxxxxxx.xxx | predictive | Medium |
| 7 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
