REVIL
Predicted CVEs (2) CORRELATION
How does prediction work?
Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.
ATT&CK Techniques (16)
T1078
Valid Accounts
Initial Access
T1190
Exploit Public-Facing Application
Initial Access
T1195
Supply Chain Compromise
Initial Access
T1059.001
Command and Scripting Interpreter: PowerShell
Execution
T1218.007
Signed Binary Proxy Execution: Msiexec
Execution
T1027
Obfuscated Files or Information
Defense Evasion
T1497
Virtualization/Sandbox Evasion
Defense Evasion
T1562.001
Disable or Modify Tools
Defense Evasion
T1003.001
OS Credential Dumping: LSASS Memory
Credential Access
T1082
System Information Discovery
Discovery
T1135
Network Share Discovery
Discovery
T1021.001
Remote Services: Remote Desktop Protocol
Lateral Movement
T1567.002
Exfiltration Over Web Service: Exfiltration to Cloud Storage
Exfiltration
T1071.001
Application Layer Protocol: Web Protocols
Command and Control
T1486
Data Encrypted for Impact
Impact
T1490
Inhibit System Recovery
Impact