Cardinal RAT Analysis

IOB - Indicator of Behavior (278)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 190
fr 48
it 30
pl 4
de 4


Country

us 180
cr 70
ru 12
ar 12
id 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Dahuasecurity Dvr54088
Qualcomm Snapdragon Mobile 8
Google Android 8
IBM Financial Transaction Manager 6
Adobe Flash Player 6


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.59 | CVE-2007-0354
3 | Foxit PhantomPDF fxhtml2pdf memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00835 | 0.00 | CVE-2018-17706
4 | Qualcomm Snapdragon Mobile WLAN memory corruption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2018-11875
5 | Qualcomm Snapdragon Mobile WLAN input validation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2018-11873
6 | Qualcomm Snapdragon Mobile/Snapdragon Wear Modem Segment access control | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2017-18308
7 | Yammer Desktop App input validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03929 | 0.02 | CVE-2018-8569
8 | Moxa ThingsPro command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00736 | 0.00 | CVE-2018-18396
9 | elfutils libdw dwarf_getaranges.c dwarf_getaranges memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00572 | 0.00 | CVE-2018-16062
10 | Kraftway 24F2XG Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01034 | 0.00 | CVE-2018-15353
11 | Google Android Qualcomm Crypto Driver access control | 9.3 | 9.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00623 | 0.04 | CVE-2016-8418
12 | Google Android libjpeg access control | 7.8 | 7.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00345 | 0.00 | CVE-2016-6702
13 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.26 | CVE-2007-0529
14 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643
15 | phpBB XS bb_usage_stats.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07955 | 0.02 | CVE-2006-4893
16 | PHPUnit HTTP POST eval-stdin.php code injection | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97487 | 0.07 | CVE-2017-9841
17 | Intelliants Subrion CMS Members Administrator cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.00 | CVE-2020-18326
18 | InviteBox Plugin for Viral Refer-a-Friend Promotions Plugin Parameter admin.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-38359
19 | ABB Base Software for SoftControl data authenticity | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.02 | CVE-2020-24672
20 | Cisco Adaptive Security Device Manager Signature Verification code injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06672 | 0.02 | CVE-2021-1585

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cardinal RAT

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/?/plugin/comment/settings | predictive | High
2 | File | /filemanager/upload.php | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /inc/parser/xhtml.php | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /webconsole/APIController | predictive | High
7 | File | /webmail/ | predictive | Medium
8 | File | adclick.php | predictive | Medium
9 | File | admin.php?s=/Admin/doedit | predictive | High
10 | File | admin/conf_users_edit.php | predictive | High
11 | File | admin/web_config.php | predictive | High
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxxx.x | predictive | Low
14 | File | xx_xxxxx_xxxxx.xxx | predictive | High
15 | File | xxx_xxxxxxxxxxx_xxx_xxxx.xxx | predictive | High
16 | File | xxx_xxxxxx_xxxx.xxx | predictive | High
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxx/xxxxxxxx.x | predictive | High
19 | File | xxxxxx_xxxxxxxx_xxx.xxx | predictive | High
20 | File | xxxxx\xxxx\xxx_xxxx\xxxx_xxxx.xxx | predictive | High
21 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
22 | File | xxxxx_xxxxxxxxxx.x | predictive | High
23 | File | xxx/xxx/xxxxx | predictive | High
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxxxx_xxx.xxx | predictive | High
26 | File | xxxx/xxxx.x | predictive | Medium
27 | File | xxxxxxxx.x | predictive | Medium
28 | File | xxx.x | predictive | Low
29 | File | xxxxx.xxxx | predictive | Medium
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxx.x | predictive | Medium
32 | File | xxxxxxx.xxx | predictive | Medium
33 | File | xxxxxxxx.x | predictive | Medium
34 | File | xxxxxx/xxxxxxx.xxx | predictive | High
35 | File | xxxxxxx/xxx_xxxxxx/xxxxxx.x | predictive | High
36 | File | xxxxxxxx/xxxx/xxxx.xxx | predictive | High
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxx_xxxxxx.xx | predictive | High
40 | File | xxxxxxxxxx.xxxx | predictive | High
41 | File | xxxx_xxxxxxx.x | predictive | High
42 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High
43 | File | xxxxxxxxxxxx/xxxxxxx.xxx | predictive | High
44 | File | xxx-xxxxxxx.x | predictive | High
45 | File | xxx_xxxxxx.x | predictive | Medium
46 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High
47 | File | xxxxxxxx.x | predictive | Medium
48 | File | xxxxx/xxxxxxxx.x | predictive | High
49 | File | xxxxx/xxxxxxx.x | predictive | High
50 | File | xxxxxx\xxxxxxx\xxx\xxxxxxx.xxx | predictive | High
51 | File | xxxx/xxxx_xxxx.x | predictive | High
52 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
53 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
54 | File | xxx_xxxxx.x | predictive | Medium
55 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
56 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
57 | File | _xxxx_xxxx.xxx | predictive | High
58 | File | ~/xxxxx/xxxxx.xxx | predictive | High
59 | Library | xxx/xxxx/xxx/xxx.xxx | predictive | High
60 | Library | xxx/xxxxx.x | predictive | Medium
61 | Library | xxxxxxx | predictive | Low
62 | Library | xxxxxxxxx.xxx | predictive | High
63 | Argument | ${xxx} | predictive | Low
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxxxxxx_xx | predictive | High
66 | Argument | xxxxxxxxxxxxx | predictive | High
67 | Argument | xxxx_xxxxx | predictive | Medium
68 | Argument | xxxx_xxx | predictive | Medium
69 | Argument | xx | predictive | Low
70 | Argument | xxxxxx | predictive | Low
71 | Argument | xxxxxxxx | predictive | Medium
72 | Argument | xxxxxxxx | predictive | Medium
73 | Argument | xxxxxxx | predictive | Low
74 | Argument | x_xx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxxxxx[xxxxxxx_xxxxxxxx] | predictive | High
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxxxxxx | predictive | Medium
79 | Argument | xxxxx_xxxx_xxxx | predictive | High
80 | Argument | xxxx_xxxxxx | predictive | Medium
81 | Argument | xxxxxxxx | predictive | Medium
82 | Argument | xxxxxxx_xx | predictive | Medium
83 | Argument | xxxxxxx_xxxx | predictive | Medium
84 | Argument | xxxxxxxxxxxxxx | predictive | High
85 | Argument | xxxxxxx | predictive | Low
86 | Argument | xxxxx | predictive | Low
87 | Argument | xxx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
91 | Argument | x-xxxxxxxxx-xxx | predictive | High
92 | Argument | _xxxx | predictive | Low
93 | Input Value | -<xxxxxx> | predictive | Medium
94 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
