Cardinal RAT Analysis

IOB - Indicator of Behavior (307)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 228
fr: 44
it: 24
es: 4
de: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 10
Qualcomm Snapdragon Mobile: 10
Qualcomm Snapdragon Wear: 8
Adobe Flash Player: 8
Foxit Reader: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01802 | 0.15 | CVE-2007-0354
3 | Foxit PhantomPDF fxhtml2pdf memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00541 | 0.00 | CVE-2018-17706
4 | Qualcomm Snapdragon Mobile WLAN memory corruption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00035 | 0.06 | CVE-2018-11875
5 | Qualcomm Snapdragon Mobile WLAN input validation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00033 | 0.02 | CVE-2018-11873
6 | Qualcomm Snapdragon Mobile/Snapdragon Wear Modem Segment access control | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00207 | 0.00 | CVE-2017-18308
7 | Yammer Desktop App input validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.24198 | 0.00 | CVE-2018-8569
8 | Moxa ThingsPro command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02002 | 0.00 | CVE-2018-18396
9 | elfutils libdw dwarf_getaranges.c dwarf_getaranges memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00090 | 0.02 | CVE-2018-16062
10 | Kraftway 24F2XG Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.03618 | 0.00 | CVE-2018-15353
11 | Google Android Qualcomm Crypto Driver access control | 9.3 | 9.3 | $25k-$100k | $25k-$100k | Not defined | Not defined | | 0.04431 | 0.05 | CVE-2016-8418
12 | Google Android libjpeg access control | 7.8 | 7.6 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.01600 | 0.06 | CVE-2016-6702
13 | D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow | 8.8 | 8.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 1.81 | CVE-2025-6881
14 | IBM Informix Dynamic Server integer underflow | 7.5 | 7.3 | $5k-$25k | $5k-$25k | Not defined | Official fix | | 0.00094 | 0.17 | CVE-2025-1991
15 | Linux Kernel hugetlb huge_pmd_unshare memory corruption | 8.0 | 7.6 | $5k-$25k | $5k-$25k | Not defined | Official fix | | 0.00024 | 0.15 | CVE-2025-38085
16 | Linux Kernel HugeTLB Page __split_vma memory corruption | 8.0 | 7.6 | $5k-$25k | $5k-$25k | Not defined | Official fix | | 0.00030 | 0.15 | CVE-2025-38084
17 | Cisco Identity Services Engine Software API injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00109 | 0.09 | CVE-2025-20281
18 | DragonflyDB Dragonfly lua_struct.C integer overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00047 | 0.03 | CVE-2025-52935
19 | Netgear EX6150 sub_410090 stack-based overflow | 8.8 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Not defined | | 0.00188 | 1.08 | CVE-2025-6511
20 | Netgear EX6100 sub_415EF8 stack-based overflow | 8.8 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Not defined | | 0.00188 | 1.31 | CVE-2025-6510

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cardinal RAT

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/?/plugin/comment/settings | predictive | High
2 | File | /filemanager/upload.php | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /goform/formSetACLFilter | predictive | High
5 | File | /goform/openSchedWifi | predictive | High
6 | File | /inc/parser/xhtml.php | predictive | High
7 | File | /php_action/fetchSelectedCategories.php | predictive | High
8 | File | /pppoe_base.asp | predictive | High
9 | File | /routing/goform/aspForm | predictive | High
10 | File | /transactionsave.php | predictive | High
11 | File | /uncpath/ | predictive | Medium
12 | File | /webconsole/APIController | predictive | High
13 | File | /webmail/ | predictive | Medium
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxx.xxx?x=/xxxxx/xxxxxx | predictive | High
16 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
17 | File | xxxxx/xxx_xxxxxx.xxx | predictive | High
18 | File | xxxxxxx.xxx | predictive | Medium
19 | File | xxxxx.x | predictive | Low
20 | File | xx_xxxxx_xxxxx.xxx | predictive | High
21 | File | xxx_xxxxxxxxxxx_xxx_xxxx.xxx | predictive | High
22 | File | xxx_xxxxxx_xxxx.xxx | predictive | High
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxx/xxxxxxxx.x | predictive | High
25 | File | xxxxxx_xxxxxxxx_xxx.xxx | predictive | High
26 | File | xxxxx\xxxx\xxx_xxxx\xxxx_xxxx.xxx | predictive | High
27 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
28 | File | xxxxx_xxxxxxxxxx.x | predictive | High
29 | File | xxx/xxx/xxxxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxx_xxx.xxx | predictive | High
32 | File | xxxx/xxxx.x | predictive | Medium
33 | File | xxxxxxxx.x | predictive | Medium
34 | File | xxx.x | predictive | Low
35 | File | xxx.x | predictive | Low
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxxxx.xxxx | predictive | Medium
38 | File | xxxxx.xxx | predictive | Medium
39 | File | xxxxxx.x | predictive | Medium
40 | File | xxxxxxx.xxx | predictive | Medium
41 | File | xxx_xxxxxx.x | predictive | Medium
42 | File | xxxxxxxx.x | predictive | Medium
43 | File | xxxxxx/xxxxxxx.xxx | predictive | High
44 | File | xxxxxxx/xxx_xxxxxx/xxxxxx.x | predictive | High
45 | File | xxxxxxxx/xxxx/xxxx.xxx | predictive | High
46 | File | xxxxx.xxx | predictive | Medium
47 | File | xxxxxxxxxx.xxx | predictive | High
48 | File | xxxxxx_xxxxxx.xx | predictive | High
49 | File | xxxxxxxxxx.xxxx | predictive | High
50 | File | xxxx_xxxxxxx.x | predictive | High
51 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High
52 | File | xxxxxxxxxxxx/xxxxxxx.xxx | predictive | High
53 | File | xxx-xxxxxxx.x | predictive | High
54 | File | xxx_xxxxxx.x | predictive | Medium
55 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High
56 | File | xxxxxxxx.x | predictive | Medium
57 | File | xxxxx/xxxxxxxx.x | predictive | High
58 | File | xxxxx/xxxxxxx.x | predictive | High
59 | File | xxxxxx\xxxxxxx\xxx\xxxxxxx.xxx | predictive | High
60 | File | xxxx/xxxx_xxxx.x | predictive | High
61 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
62 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
63 | File | xxx_xxxxx.x | predictive | Medium
64 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
65 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
66 | File | xx-xxxxxxxxx.xxx | predictive | High
67 | File | _xxxx_xxxx.xxx | predictive | High
68 | File | ~/xxxxx/xxxxx.xxx | predictive | High
69 | Library | xxx/xxxx/xxx/xxx.xxx | predictive | High
70 | Library | xxx/xxxxx.x | predictive | Medium
71 | Library | xxxxxxx | predictive | Low
72 | Library | xxxxxxxxx.xxx | predictive | High
73 | Argument | ${xxx} | predictive | Low
74 | Argument | xxxxxx | predictive | Low
75 | Argument | xxxxxxxxxx_xx | predictive | High
76 | Argument | xxxxxxxxxxxxx | predictive | High
77 | Argument | xxxxxxxxxxxx | predictive | Medium
78 | Argument | xxxxxxx-xxxxxx | predictive | High
79 | Argument | xxxx_xxxxx | predictive | Medium
80 | Argument | xxxxxxx | predictive | Low
81 | Argument | xxxx_xxx | predictive | Medium
82 | Argument | xxx | predictive | Low
83 | Argument | xx | predictive | Low
84 | Argument | xxxxxx | predictive | Low
85 | Argument | xxxxxxxx | predictive | Medium
86 | Argument | xxxxxxxx | predictive | Medium
87 | Argument | xxx_xxxxxxxx_%x/xxxxx_xxxx_%x | predictive | High
88 | Argument | xxxxxxx | predictive | Low
89 | Argument | xxxxxx_xx | predictive | Medium
90 | Argument | x_xx | predictive | Low
91 | Argument | xxxx | predictive | Low
92 | Argument | xxxxx | predictive | Low
93 | Argument | xxxxxx[xxxxxxx_xxxxxxxx] | predictive | High
94 | Argument | xxxxxxxx | predictive | Medium
95 | Argument | xxxxxxxx | predictive | Medium
96 | Argument | xxxxx_xxxx_xxxx | predictive | High
97 | Argument | xxxx_xxxxxx | predictive | Medium
98 | Argument | xxxxxxxx | predictive | Medium
99 | Argument | xxxxxxx_xx | predictive | Medium
100 | Argument | xxxxxxx_xxxx | predictive | Medium
101 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
102 | Argument | xxxxxxxxxxxxxx | predictive | High
103 | Argument | xx_xx | predictive | Low
104 | Argument | xxxxxxx | predictive | Low
105 | Argument | xxxxx | predictive | Low
106 | Argument | xxx | predictive | Low
107 | Argument | xxx | predictive | Low
108 | Argument | xxxxxxxx | predictive | Medium
109 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
110 | Argument | x-xxxxxxxxx-xxx | predictive | High
111 | Argument | _xxxx | predictive | Low
112 | Input Value | -<xxxxxx> | predictive | Medium
113 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: