Evilnum Analysis

IOB - Indicator of Behavior (58)

Language

en: 48
ru: 4
fr: 4
de: 2

Product

AnyDesk: 4
democracy-poll Plugin: 4
OpenSSH: 2
Microsoft Internet Explorer: 2
Kaotik Kshop: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | unrar memory corruption | 8.5 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02417 | CVE-2012-6706 |
| 2 | OpenResty ngx.req.get_post_args SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00637 | CVE-2018-9230 |
| 3 | PRTG Network Monitor login.htm privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00288 | CVE-2018-19410 |
| 4 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.00943 | CVE-2010-0966 |
| 5 | democracy-poll Plugin unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00085 | CVE-2017-18521 |
| 6 | democracy-poll Plugin class.DemAdminInit.php update_l10n cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2017-18520 |
| 7 | FileOrbis File Management System Privilege Escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00096 | CVE-2022-3693 |
| 8 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00199 | CVE-2021-43947 |
| 9 | phpMyAdmin Setup cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01039 | CVE-2022-23808 |
| 10 | Microsoft Exchange Server Outlook Web Access unknown vulnerability | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00102 | CVE-2019-0817 |
| 11 | Microsoft Exchange Server Outlook Web Access privilege escalation | 7.2 | 6.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00327 | CVE-2017-11932 |
| 12 | Alcatel-Lucent Voice Mail System weak authentication | 9.8 | 9.8 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00856 | CVE-2007-1822 |
| 13 | Qiku 360 Phone N6 Pro Kernel Module mmcblk0rpmb denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00082 | CVE-2018-18318 |
| 14 | MailEnable Enterprise Premium XML Data XML External Entity | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00224 | CVE-2019-12924 |
| 15 | MailEnable Web Mail list.asp cross-site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02450 | CVE-2007-0651 |
| 16 | Synology DiskStation Manager smart.cgi privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.11909 | CVE-2017-15889 |
| 17 | AuYou Wireless Smart Outlet Socket Remote Control Straisand weak authentication | 6.3 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | |
| 18 | Huawei Smart Phone Bastet Module memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00072 | CVE-2019-5282 |
| 19 | Huawei P30 memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00073 | CVE-2019-5287 |
| 20 | Huawei P30 memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00073 | CVE-2019-5288 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-35 | Path Traversal | predictive | |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | |
| 4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | |
| 6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | |
| 8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | |

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /dev/block/mmcblk0rpmb | predictive | |
| 2 | File | /etc/shadow | predictive | |
| 3 | File | /public/login.htm | predictive | |
| 4 | File | admin/class.DemAdminInit.php | predictive | |
| 5 | File | auth-gss2.c | predictive | |
| 6 | File | xxxxx.xxx | predictive | |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | |
| 8 | File | xxxxx/xxx/xxxx.xxx | predictive | |
| 9 | File | xxxx.xxx | predictive | |
| 10 | File | xxx/xxxxxx.xxx | predictive | |
| 11 | File | xxxxx.xxx | predictive | |
| 12 | File | xxxxx.xxxxxxx.xxx | predictive | |
| 13 | File | xxxx_xxxx.xxx | predictive | |
| 14 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | |
| 15 | File | xxxxxx.xxx | predictive | |
| 16 | File | xxx_xxxxx.xxx | predictive | |
| 17 | File | xxxxxxxx.xxxxx | predictive | |
| 18 | File | xxxxxxxx.xxx | predictive | |
| 19 | File | xxxxxxx_xxxxxxx.xxx | predictive | |
| 20 | File | xxxxxx/xxxxx/xxxx/xxxxxxx.xxxx | predictive | |
| 21 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | |
| 22 | File | xxxxx.xxx | predictive | |
| 23 | File | xxxxxxx.xxx | predictive | |
| 24 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxx-xxxx&xxxxxxx=xxxx | predictive | |
| 25 | Library | xxxxxxx.xxx | predictive | |
| 26 | Argument | xxxxxxxx | predictive | |
| 27 | Argument | xxxxxx | predictive | |
| 28 | Argument | xxxxx | predictive | |
| 29 | Argument | xxx_xx | predictive | |
| 30 | Argument | xxxx_xx | predictive | |
| 31 | Argument | xxxx/xxxx | predictive | |
| 32 | Argument | xxxxxxx | predictive | |
| 33 | Argument | xxxx | predictive | |
| 34 | Argument | xxxx_xxxxxx | predictive | |
| 35 | Argument | xx | predictive | |
| 36 | Argument | xxxxxxxxxx | predictive | |
| 37 | Argument | xxxx_xx | predictive | |
| 38 | Argument | xxxx | predictive | |
| 39 | Argument | xxxxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxxxxx | predictive | |
| 40 | Argument | xxx | predictive | |
| 41 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities: