EvilExtractor Analysis

IOB - Indicator of Behavior (63)

Facet counts for the behaviour indicators (empty facets of the page's filter widget dropped):

Language: en 62, ar 2
Country: us 16, nl 2
Product: Google Android 6; SourceCodester Online Tours & Travels Management S ... 4; Apple iOS 4; Apple iPadOS 4; WH Testimonials Plugin 2

Vulnerabilities

Columns as presented by VulDB: Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exp is exploitability; Rem is remediation status; EPSS is the EPSS probability; CTI is the CTI interest score.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HTMLJunction EZGuestbook information disclosure | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00606 | 0.00 | CVE-2005-1660 |
| 2 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00421 | 0.02 | CVE-2006-6365 |
| 3 | Ivanti Wavelink Avalanche Manager Message buffer overflow | 9.1 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.42606 | 0.04 | CVE-2023-32560 |
| 4 | Synthetic Reality Sympoll index.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02176 | 0.02 | CVE-2003-1175 |
| 5 | SourceCodester Inventory Management System edit_update.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2023-4436 |
| 6 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.04 | CVE-2023-2090 |
| 7 | Xen x86 Shadow Paging denial of service | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-42335 |
| 8 | Microsoft Azure Machine Learning information disclosure | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00052 | 0.00 | CVE-2023-28312 |
| 9 | MediaTek MT8798 WLAN buffer overflow | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2023-20682 |
| 10 | SourceCodester Simple Task Allocation System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2023-1791 |
| 11 | firefly-iii privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00187 | 0.00 | CVE-2023-1789 |
| 12 | Apple macOS System Settings information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2023-23542 |
| 13 | Google Android UidObserverController.java register information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-21029 |
| 14 | Miniflux Mixed Content cross site scripting | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00100 | 0.00 | CVE-2023-27592 |
| 15 | Ansible Semaphore auth.go weak authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00187 | 0.02 | CVE-2023-28609 |
| 16 | Microsoft Windows Printer Driver Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00762 | 0.00 | CVE-2023-23406 |
| 17 | WH Testimonials Plugin cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.00 | CVE-2023-1372 |
| 18 | Proofpoint Enterprise Protection Webutils Privilege Escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00094 | 0.02 | CVE-2023-0089 |
| 19 | Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | |
| 20 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.08 | CVE-2023-1162 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The second entry is masked on the page and is kept masked here.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Acceptance |
|---|---|---|---|---|---|---|---|
| 1 | 89.116.53.55 | | EvilExtractor | | 26/04/2023 | verified | High |
| 2 | XXX.XX.XX.XXX | | Xxxxxxxxxxxxx | | 26/04/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries 6 onwards are masked on the page and are kept masked here.

| ID | Class | Indicator | Type | Acceptance |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /forum/PostPrivateMessage | predictive | High |
| 4 | File | /login/index.php | predictive | High |
| 5 | File | /see_more_details.php | predictive | High |
| 6 | File | /xxxxxx.xxx | predictive | Medium |
| 7 | File | /xxxx/x.xxx | predictive | Medium |
| 8 | File | xxxxx/xxxxxxxx_xxx.xxx | predictive | High |
| 9 | File | xxx/xxxx.xx | predictive | Medium |
| 10 | File | xxx/xxxxxx/xxxx_xxxxxx.xxx | predictive | High |
| 11 | File | xxxxxx.xxx | predictive | Medium |
| 12 | File | xx/xxxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xxx.xxx | predictive | Low |
| 15 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx_xxxx.xxx | predictive | High |
| 17 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High |
| 18 | File | xxxxxxx/xxxxxxxxxx.xx | predictive | High |
| 19 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 20 | File | xxxxxx_xxxx.xxx | predictive | High |
| 21 | Argument | xxxxxxx | predictive | Low |
| 22 | Argument | xxxxxxxxx | predictive | Medium |
| 23 | Argument | xxxx.xxxxxxxxxxx | predictive | High |
| 24 | Argument | xx | predictive | Low |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxx | predictive | Low |
| 27 | Argument | xxxx | predictive | Low |
| 28 | Argument | xxxxxxxx | predictive | Medium |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Argument | xxxxxxx/xxxxxxx | predictive | High |
| 31 | Argument | xxxx_xx | predictive | Low |
| 32 | Argument | xx | predictive | Low |
| 33 | Argument | xx_xxxxxxxx/xx_xxxx_xxxxx/xx_xxxx_xxxx | predictive | High |
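As an added example (not code from the VulDB page or from any EvilExtractor analysis), the following Python matches the unmasked indicators above against web-server access logs in the common Apache/nginx combined format: the IP comes from entry 1 of the IOC table, the five paths from entries 1 to 5 of the IOA table. The log lines are constructed for illustration, and the SQL-injection token check on query strings is an assumption layered on the page's note that view_designation.php carries a GET-parameter SQL injection (CVE-2023-2090); it is a triage aid, not a parser.

```python
"""Match the unmasked EvilExtractor indicators from this page against
web-server access logs (Apache/nginx combined format).

Added example; the IP and file paths come from the IOC/IOA tables on the
page, the log lines and the SQL-injection heuristic are constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote_plus

# IOC: network indicator listed on the page (entry 1).
IOC_IPS = {"89.116.53.55"}

# IOA: the five unmasked "File" indicators from the page.
IOA_FILES = {
    "/admin/maintenance/view_designation.php",
    "/apply.cgi",
    "/forum/PostPrivateMessage",
    "/login/index.php",
    "/see_more_details.php",
}

# Combined log format: ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Heuristic (assumption, not from the page): crude SQL-injection tokens in a
# query string. Used only to rank hits on paths the page flags; it will both
# miss encoded payloads and over-match legitimate apostrophes.
SQLI_RE = re.compile(r"('|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\d+=\d+)", re.I)


@dataclass
class Hit:
    ip: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[dict]:
    """Return the named groups of a combined-format line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_indicators(line: str) -> Optional[Hit]:
    """Flag a log line whose client IP is a listed IOC or whose path is a
    listed IOA; on IOA paths also note suspicious query-string tokens."""
    rec = parse_line(line)
    if rec is None:
        return None
    path, _, query = rec["target"].partition("?")
    reasons: List[str] = []
    if rec["ip"] in IOC_IPS:
        reasons.append("ioc_ip")
    if path in IOA_FILES:
        reasons.append("ioa_file")
        if query and SQLI_RE.search(unquote_plus(query)):
            reasons.append("sqli_pattern")
    return Hit(rec["ip"], path, reasons) if reasons else None


def scan(lines) -> List[Hit]:
    """Run match_indicators over an iterable of log lines, keeping hits."""
    return [h for h in (match_indicators(l) for l in lines) if h is not None]


# Constructed sample log (not real traffic). Lines 1, 2 and 4 should hit;
# line 3 is benign and line 5 does not parse.
SAMPLE_LOG = [
    '89.116.53.55 - - [26/Apr/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/Apr/2023:10:00:02 +0000] "GET /admin/maintenance/view_designation.php?id=1%27+UNION+SELECT+1,2 HTTP/1.1" 200 731',
    '198.51.100.4 - - [26/Apr/2023:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 2048',
    '89.116.53.55 - - [26/Apr/2023:10:00:04 +0000] "POST /login/index.php HTTP/1.1" 302 0',
    'not a log line at all',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ip:15} {hit.path:45} {','.join(hit.reasons)}")
```

Exact path matching is deliberate: the page's File indicators are full paths, and prefix or substring matching against /login/index.php would flood a real log with noise. The IOC IP is matched regardless of path, since an address listed as a compromise indicator is worth a look even on a benign request.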

References (2)

The following list contains external sources which discuss the actor and the associated activities (the entries themselves are not present on the page as extracted):
