CyberCartel Analysis

IOB - Indicator of Behavior (53)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 30
zh: 20
ja: 2
fr: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHP Simple Shop: 4
Google Android: 4
Citrix ADC: 2
Citrix Gateway: 2
Oracle WebLogic Server: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Danfoss AK-EM100 os command injection | 9.2 | 9.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00689 | 0.00 | CVE-2023-25911 |
| 2 | Apache Tomcat information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00074 | 0.00 | CVE-2011-2204 |
| 3 | Thymeleaf/spring-boot-admin HTML File sandbox | 6.0 | 6.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00097 | 0.05 | CVE-2023-38286 |
| 4 | jsoniter JSON String denial of service | 6.3 | 6.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.00 | CVE-2021-23441 |
| 5 | Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00079 | 0.09 | CVE-2024-3366 |
| 6 | j4k0xb webcrack path traversal | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00016 | 0.00 | CVE-2024-43373 |
| 7 | Kingsoft WPS Office Hyperlink promecefpluginhost.exe path traversal | 7.8 | 7.8 | $0-$5k | $0-$5k | Attacked | Not defined | verified | 0.25173 | 0.08 | CVE-2024-7262 |
| 8 | Super Easy Enterprise Management System DlgGridSet.html cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00152 | 0.00 | CVE-2024-42678 |
| 9 | Celsius Benelux ComfortKey file inclusion | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00641 | 0.06 | CVE-2024-27120 |
| 10 | wurmlab sequenceserver HTTP Endpoint command injection | 9.8 | 9.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00610 | 0.00 | CVE-2024-42360 |
| 11 | Huizhi Enterprise Resource Management System DNPageAjaxPostBack Upload unrestricted upload | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01142 | 0.00 | CVE-2024-42676 |
| 12 | Rockwell Automation ControlLogix 5580/GuardLogix 5580 unusual condition | 7.5 | 7.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00140 | 0.00 | CVE-2024-40619 |
| 13 | Zoom Workplace Desktop App information disclosure | 4.2 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00182 | 0.00 | CVE-2024-39824 |
| 14 | SECOM Dr.ID Access Control System sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00681 | 0.00 | CVE-2024-7731 |
| 15 | Google Android WorkSource certificate validation | 7.3 | 7.2 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.03721 | 0.02 | CVE-2023-20963 |
| 16 | Qualcomm WSA8835 Sectools Fuse Comparison memory corruption | 8.3 | 8.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00062 | 0.06 | CVE-2023-21671 |
| 17 | Trane Tracer SC/Tracer SC+/Tracer Concierge Code Syntax code injection | 8.3 | 8.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00284 | 0.00 | CVE-2021-38450 |
| 18 | Danfoss AK-EM100 cross site scripting | 6.2 | 6.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00105 | 0.00 | CVE-2023-22582 |
| 19 | Danfoss AK-EM100 Login Form sql injection | 9.0 | 9.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00073 | 0.00 | CVE-2023-22583 |
| 20 | Danfoss AK-SM800A Web Report improper authentication | 6.8 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00108 | 0.00 | CVE-2023-25913 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/admin/user/manage_user.php` | predictive | High |
| 2 | File | `/nssys/common/Upload` | predictive | High |
| 3 | File | `/WebSet/DlgGridSet.html` | predictive | High |
| 4 | File | `admin/login.php` | predictive | High |
| 5 | File | `xxxxx/xxxx.xxx` | predictive | High |
| 6 | File | `xxxxxxx_xxxxxxxxx_xxxx.xxx` | predictive | High |
| 7 | File | `xxx/xxx/xxx/xxxx/xxxx/xxxxxxxxxxxxxxxx.xxxx` | predictive | High |
| 8 | File | `xxxxxxx/xxxx/xxxxxxx/xxxxxxxx.x` | predictive | High |
| 9 | File | `xxxxxxx/xxxxxxx.xxx` | predictive | High |
| 10 | File | `xxxxxxxxxxxxx.xxx` | predictive | High |
| 11 | File | `xxxxxxxxxxxxxxxxxx.xxx` | predictive | High |
| 12 | File | `xxx_xxxxxx.xxx` | predictive | High |
| 13 | File | `xxx/xxx/xxxxxxx_x.x` | predictive | High |
| 14 | File | `xxxxxxxxxxxxx.xxxx` | predictive | High |
| 15 | File | `xxxxxxxxx.xxx` | predictive | High |
| 16 | Argument | `xxx_xxxx` | predictive | Medium |
| 17 | Argument | `xxxxxxxxxxx/xxxxxxxxxxxxx/xxxx_xxxxx_xxxx` | predictive | High |
| 18 | Argument | `xxxxx` | predictive | Low |
| 19 | Argument | `xx` | predictive | Low |
| 20 | Argument | `xxx` | predictive | Low |
| 21 | Argument | `xxxx` | predictive | Low |
| 22 | Argument | `xxxxxxxxx` | predictive | Medium |
| 23 | Argument | `xxx_xxxxxx_xxxxxxx_xxxx_xxxx` | predictive | High |
| 24 | Argument | `xxxx_xx` | predictive | Low |
| 25 | Network Port | `xxx/xxxx` | predictive | Medium |
