Cardinal RAT Analysis

Activities

Timeline

The timeline analysis helps to identify the required approach for handling individual vulnerabilities and vulnerability collections. This overview shows less important periods and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

  • en: 195
  • fr: 45
  • it: 25
  • pl: 3
  • de: 2

Country

  • us: 163
  • cr: 78
  • ar: 14
  • ru: 12
  • id: 2

Actors

  • Cardinal RAT: 273


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2  | Moxa ThingsPro command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2018-18396
3  | Google Android Qualcomm Crypto Driver access control | 9.3 | 9.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.04 | CVE-2016-8418
4  | Qualcomm Snapdragon Mobile WLAN input validation | 6.8 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-11873
5  | Qualcomm Snapdragon Mobile WLAN memory corruption | 6.8 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-11875
6  | Foxit PhantomPDF fxhtml2pdf memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2018-17706
7  | Yammer Desktop App input validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2018-8569
8  | elfutils libdw dwarf_getaranges.c dwarf_getaranges memory corruption | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-16062
9  | Qualcomm Snapdragon Mobile/Snapdragon Wear Modem Segment access control | 6.8 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-18308
10 | Google Android libjpeg access control | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2016-6702
11 | Kraftway 24F2XG Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2018-15353
12 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.07 | CVE-2007-0354
13 | D-Link DIR Router _show_info.php privileges management | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | (none listed)
14 | FreePBX unserialize code injection | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2014-7235
15 | OTRS cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2014-1694
16 | Schneider Electric Wonderware ArchestrA Logger null pointer dereference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2017-9631
17 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | CVE-2009-4490
18 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2015-1419
19 | Rapid7 Nexpose cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-6493
20 | Csound lpci_main.c main numeric error | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2012-2107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cardinal RAT

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1  | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2  | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3  | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1  | File | /admin/?/plugin/comment/settings | High
2  | File | /filemanager/upload.php | High
3  | File | /forum/away.php | High
4  | File | /inc/parser/xhtml.php | High
5  | File | /uncpath/ | Medium
6  | File | /webconsole/APIController | High
7  | File | /webmail/ | Medium
8  | File | adclick.php | Medium
9  | File | admin.php?s=/Admin/doedit | High
10 | File | admin/web_config.php | High

References (1)

The following list contains external sources which discuss the actor and the associated activities:
