EvilGnome Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (49)

Язык

en	48
es	2

Страна

ru	46
us	4

Акторы

TrickBot	1
Quasar RAT	1
EvilGnome	1

Интерес

Тип

Not Defined	6
Content Management System	4
Database Software	2
Operating System	2
Document Reader Software	2

Поставщик

Not Defined	4
Oracle	2
Signiant	2
SUSE	2
Joomla	2

Продукт

Oracle MySQL Server	2
Signiant Manager+Agents	2
SUSE Linux Enterprise Server	2
SUSE Manager Server	2
Joomla CMS	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	Расчет	High	Workaround	0.02016	0.00	CVE-2007-1192
2	Veritas NetBackup bpcd эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00470	0.00	CVE-2015-6550
3	cnoa OA слабая аутентификация	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00091	0.06	CVE-2023-2799
4	SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service эскалация привилегий	8.3	8.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-31254
5	Signiant Manager+Agents XML External Entity	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00221	0.04	CVE-2021-46660
6	Philips Engage Software эскалация привилегий	2.9	2.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-23173
7	b2evolution CMS User Login sql-инъекция	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00204	0.00	CVE-2021-31632
8	WordPress Sandbox flashmediaelement.swf Cross-Domain эскалация привилегий	6.0	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00081	0.00	CVE-2016-9263
9	Oracle MySQL Server Encryption раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00173	0.00	CVE-2019-2923
10	Notepad++ Scintilla SciLexer.dll эскалация привилегий	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00598	0.03	CVE-2019-16294
11	Omron CX-One CX-Programmer Password Storage раскрытие информации	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2015-0988
12	Dahuasecurity Dvr5408 Authorization эскалация привилегий	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00320	0.00	CVE-2013-5754
13	Dahua IP Camera/IP PTZ Temporary Password слабое шифрование	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00601	0.04	CVE-2017-9315
14	Mailman эскалация привилегий	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00160	0.00	CVE-2018-13796
15	WordPress pluggable.php wp_validate_redirect Redirect	8.0	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00650	0.03	CVE-2016-2221
16	Axesstel MU553S ConfigSet неизвестная уязвимость	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00071	0.00	CVE-2017-11350
17	Microsoft Office Remote Code Execution	7.0	6.9	$5k-$25k	$0-$5k	High	Official Fix	0.42171	0.03	CVE-2017-0262
18	Google Chrome URI эскалация привилегий	5.4	4.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00288	0.00	CVE-2012-4906
19	Joomla CMS sql-инъекция	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00264	0.00	CVE-2013-1453
20	Joomla CMS Password Reset эскалация привилегий	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00207	0.00	CVE-2012-1598

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	195.62.52.101	52-101.static.ipcserver.net	EvilGnome		12.02.2024	verified	Высокий

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1068	CAPEC-19	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	Высокий
2	T1078.001		CWE-259	Use of Hard-coded Password	predictive	Высокий
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
4	TXXXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/index.php?app=main&func=passport&action=login	predictive	Высокий
2	File	cgi-bin/ConfigSet	predictive	Высокий
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
4	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
5	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Высокий
6	Library	xxxxxxxx.xxx	predictive	Средний
7	Argument	xxxxxxxxxxxx	predictive	Средний
8	Argument	xxxxxxxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!