CrackedCantil Analysis

IOB - Indicator of Behavior (260)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 222
ru: 22
es: 12
fr: 2
pl: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Mozilla Firefox: 6
Google Android: 4
PHPepperShop: 4
Active Test: 4
Microsoft Windows: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.33 | |
| 2 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.61 | |
| 3 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.94378 | 0.02 | CVE-2023-4966 |
| 4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 2.45 | CVE-2006-6168 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 1.63 | |
| 6 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01020 | 2.35 | CVE-2022-28959 |
| 7 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.20 | CVE-2007-0529 |
| 8 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.10 | CVE-2023-1503 |
| 9 | PHP Scripts Mall Multi Language Olx Clone Script cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00468 | 0.00 | CVE-2018-6845 |
| 10 | System Dashboard Plugin sd_option_value authorization | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00152 | 0.00 | CVE-2023-5713 |
| 11 | DZCP Witze Addon index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00663 | 0.08 | CVE-2012-5000 |
| 12 | TOTOLINK A860R downloadFile.cgi command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01454 | 0.00 | CVE-2022-40475 |
| 13 | Corel ActiveCGM Browser ActiveX Control acgm.dll memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.10795 | 0.00 | CVE-2007-2921 |
| 14 | IBM Tivoli Directory Server Web Administration Tool information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00184 | 0.00 | CVE-2015-1977 |
| 15 | ZKTeco ZKBio Time Image File photo direct request | 3.7 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.00070 | 0.00 | CVE-2024-11049 |
| 16 | phpipam sql injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00064 | 0.00 | CVE-2023-1211 |
| 17 | ZKTeco BioTime system-group-add cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00021 | 0.20 | CVE-2024-6523 |
| 18 | OpenSSH Signal grace_alarm_handler regreSSHion race condition | 8.1 | 7.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.55567 | 0.08 | CVE-2024-6387 |
| 19 | VMware vCenter Server DCERPC Protocol out-of-bounds write | 9.8 | 9.7 | $100k and more | $25k-$100k | High | Official fix | verified | 0.91917 | 0.00 | CVE-2023-34048 |
| 20 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00254 | 0.20 | CVE-2014-100038 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.42.64.41 | | CrackedCantil | | 02/01/2024 | verified | High |
| 2 | 13.32.121.85 | server-13-32-121-85.fra60.r.cloudfront.net | CrackedCantil | | 02/01/2024 | verified | Medium |
| 3 | 18.66.142.79 | server-18-66-142-79.fra60.r.cloudfront.net | CrackedCantil | | 02/01/2024 | verified | Medium |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 3 | File | /auth_files/photo/ | predictive | High |
| 4 | File | /cgi-bin/downloadFile.cgi | predictive | High |
| 5 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 6 | File | /client/campaign_track.php | predictive | High |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
| 9 | File | /spip.php | predictive | Medium |
| 10 | File | /userLogin.asp | predictive | High |
| 11 | File | ad.cgi | predictive | Low |
| 12 | File | addguest.cgi | predictive | Medium |
| 13 | File | admin/addProxyConnector_commit.action | predictive | High |
| 14 | File | admin/admin_index.php | predictive | High |
| 15 | File | aff_news.php | predictive | Medium |
| 16 | File | allmanageup.pl | predictive | High |
| 17 | File | amadmin.pl | predictive | Medium |
