EVILSUN

Description

(FireEye) EVILSUN is a remote exploitation tool that gains access to Solaris 10 and 11 systems of SPARC or i386 architecture using a vulnerability (CVE-2020-14871) exposed by SSH keyboard-interactive authentication. The remote exploitation tool makes SSH connections to hosts passed on the command line. The default port is the normal SSH port (22), but this may be overridden. EVILSUN passes the banner string SSH-2.0-Sun_SSH_1.1.3 over the connection in clear text as part of handshaking.

Names

Name
EVILSUN

Information

https://www.mandiant.com/resources/live-off-the-land-an-overview-of-unc1945

Other Information

Uuid

ad794600-929a-42d4-a1a6-516f5ffcaadd

Last Card Change

2022-04-03

Threat Intelligence Garden

Explorer

EVILSUN

EVILSUN

Description

Names

Category

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks