EvilBunny Analysis

IOB - Indicator of Behavior (117)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 94
zh: 10
fr: 6
pl: 2
ar: 2

Country

us: 82
gb: 12
fr: 4
ru: 4
cn: 4

Product

Apache HTTP Server: 4
AnalogX Proxy: 4
Netgear DGN2200 N300: 4
Google Android: 4
Apple macOS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.03 | CVE-2016-6195 |
| 2 | IBM WebSphere Host On-Demand Remote Code Execution | 7.3 | 6.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.01923 | 0.00 | CVE-2006-6537 |
| 3 | Apple iOS/iPadOS Assets resource transfer | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-9979 |
| 4 | nuxt code injection | 8.4 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.04 | CVE-2023-3224 |
| 5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.95 | CVE-2010-0966 |
| 6 | wp-google-maps Plugin REST API class.rest-api.php input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97291 | 0.04 | CVE-2019-10692 |
| 7 | GNU Tar Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00634 | 0.04 | CVE-2005-2541 |
| 8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 9 | Apache Tomcat Reverse-Proxy Http11InputBuffer.java information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00189 | 0.04 | CVE-2016-8747 |
| 10 | Banu Tinyproxy HTTP Proxy Server acl.c config | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2011-1499 |
| 11 | Trojan-Proxy.Win32.Symbab.o Service Port 8080 heap-based overflow | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.04 | |
| 12 | AnalogX Proxy SMTP memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00521 | 0.00 | CVE-2000-0657 |
| 13 | AnalogX Proxy URL memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09698 | 0.00 | CVE-2003-0410 |
| 14 | AnalogX Proxy Request memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19587 | 0.00 | CVE-2002-1001 |
| 15 | AnalogX Proxy POP3 memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00521 | 0.00 | CVE-2000-0658 |
| 16 | AnalogX Proxy FTP memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01160 | 0.00 | CVE-2000-0656 |
| 17 | PHP PHAR phar_dir_read buffer overflow | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2023-3824 |
| 18 | Siemens RUGGEDCOM ROX I Web Interface File information disclosure | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00119 | 0.00 | CVE-2017-2686 |
| 19 | radsecproxy Peer Discovery DNS Record naptr-eduroam.sh injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00370 | 0.00 | CVE-2021-32642 |
| 20 | Wiki.js Storage Module pathname traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00170 | 0.00 | CVE-2020-15236 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

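| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/sales/index.php | predictive | High |
| 2 | File | /category.php | predictive | High |
| 3 | File | /classes/Master.php?f=save_sub_category | predictive | High |
| 4 | File | /error | predictive | Low |
| 5 | File | /etc/passwd | predictive | Medium |
| 6 | File | /getcfg.php | predictive | Medium |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | acl.c | predictive | Low |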

References (2)

The following list contains external sources which discuss the actor and the associated activities:
