EvilBunny Analysis

IOB - Indicator of Behavior (108)

Timeline

Languages

en: 88
zh: 10
es: 4
pt: 2
pl: 2

Countries / Regions

us: 64
gb: 10
cn: 10
fr: 6
ru: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Products

Google Android: 6
Apache HTTP Server: 4
Apple macOS: 4
iNotes: 2
Wiki.js: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | vBulletin moderation.php SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.01 | 0.00284 | CVE-2016-6195
2 | IBM WebSphere Host On-Demand Remote Code Execution | 7.3 | 6.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.04 | 0.01923 | CVE-2006-6537
3 | Apple iOS/iPadOS Assets Local Privilege Escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2020-9979
4 | nuxt Privilege Escalation | 8.4 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00090 | CVE-2023-3224
5 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.92 | 0.00943 | CVE-2010-0966
6 | wp-google-maps Plugin REST API class.rest-api.php Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.97373 | CVE-2019-10692
7 | GNU Tar Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00634 | CVE-2005-2541
8 | PHP PHAR phar_dir_read Memory Corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00126 | CVE-2023-3824
9 | Siemens RUGGEDCOM ROX I Web Interface File Information Disclosure | 5.4 | 5.3 | $5k-$25k | Calculating | Not Defined | Workaround | 0.00 | 0.00119 | CVE-2017-2686
10 | radsecproxy Peer Discovery DNS Record naptr-eduroam.sh Privilege Escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00286 | CVE-2021-32642
11 | Wiki.js Storage Module Directory Traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00170 | CVE-2020-15236
12 | Jupyter Core jupyter_core Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00296 | CVE-2022-39286
13 | Grafana Dashboard Privilege Escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2023-2801
14 | Dojo Toolkit DataGrid String Injection Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00531 | CVE-2018-15494
15 | Ovidentia CMS index.php SQL Injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00089 | CVE-2021-29343
16 | SourceCodester Online Computer and Laptop Store index.php SQL Injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00075 | CVE-2023-1953
17 | SourceCodester Online Computer and Laptop Store Subcategory SQL Injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00075 | CVE-2023-1957
18 | FreeBSD Listening Socket accf_create Memory Corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2021-29627
19 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02758 | CVE-2023-23415
20 | Oracle HTTP Server SSL Module Memory Corruption | 9.8 | 9.6 | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.02 | 0.15087 | CVE-2022-23943

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /admin/sales/index.php | predictive
2 | File | /category.php | predictive
3 | File | /classes/Master.php?f=save_sub_category | predictive
4 | File | /error | predictive
5 | File | /etc/passwd | predictive
6 | File | /getcfg.php | predictive
7 | File | awredir.pl | predictive
9Filexxxxx/xxxx/xxxxxxxxpredictive
10Filexx_xxxxxxxpredictive
11Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictive
12Filexx/xxxxx.xpredictive
13Filexxx/xxxxxx.xxxpredictive
14Filexxxxxxxx/xxxxx.xxxx-xxx.xxxpredictive
15Filexxxxx.xxxpredictive
16Filexxxxx.xxxpredictive
17Filexxxxxxx.xxxpredictive
18Filexxxxxxxxxx/xxx.xpredictive
19Filexxxxxxxxxx/xxxxxx.xpredictive
20Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictive
21Filexxx/xxx_xxxx_xxx.xpredictive
22Filexxxxxxx/xxxxxxx/xxx_xxxxxxx.xpredictive
23Filexxxxx-xxxxxxx.xxpredictive
24Filexxx-xxxx.xxxpredictive
25Filexxxxx.xxxpredictive
26Filexxxxxxxxxxxx.xxxpredictive
27Filexxx_xxxxxxx.xxxpredictive
28Filexxxxxx_xxx.xxxpredictive
29Filexxxx/xxxxxxxxx.xpredictive
30Filexxxx/xxx/xxxx-xxxxx.xxxpredictive
31Filexxxx/xxxxxxxx.xxxpredictive
32Filexxxxxxxxxxxxxxxxx.xxxpredictive
33Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictive
34Filexx-xxxxxxxxxxx.xxxpredictive
35Argumentxxx_xxxxpredictive
36Argumentxxxxxxxxpredictive
37Argumentxxxx_xxxxx/xxxx_xxxpredictive
38Argumentxxpredictive
39Argumentxxxxxxx[xxxxxx]predictive
40Argumentxxxxxxpredictive
41Argumentxxxxpredictive
42Argumentxxpredictive
43Argumentxx/xpredictive
44Argumentxxxxxxxxxxxpredictive
45Argumentxxxxxxpredictive
46Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictive
47Argumentxxxpredictive
48Argumentxxxxxxxpredictive
49Argumentxxxxxxpredictive
50Argumentxxxxxxxxxxxxxxxxxpredictive
51Argumentxxxxxxxxpredictive
52Argumentxxxpredictive
53Argumentxxx_xxxxxxxxpredictive
54Argumentxxxxxpredictive
55Argument__xxxxxxxxxxxxxpredictive
56Input Valuexxxxx/xxxxxxxxpredictive
57Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictive
58Network Portxxx/xxxxxpredictive
59Network Portxxx xxxxxx xxxxpredictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
