Dark Caracal Analysis

IOB - Indicator of Behavior (431)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 334
zh: 88
de: 4
es: 2
pl: 2

Activities

Interest

Product

Microsoft Windows: 10
Microsoft Exchange Server: 8
WordPress: 8
Revive Adserver: 8
Moodle: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 6.43 | CVE-2006-6168 |
| 2 | Synacor Zimbra Collaboration mboximport pathname traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94306 | 0.00 | CVE-2022-27925 |
| 3 | DEXT5 DEXT5Upload dext5handler.jsp unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02647 | 0.00 | CVE-2020-13442 |
| 4 | DEXT5Upload dext5handler.jsp pathname traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00431 | 0.04 | CVE-2020-35362 |
| 5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.86968 | 2.10 | CVE-2020-15906 |
| 6 | Leo Khoa Laragon file_upload.php unrestricted upload | 8.0 | 8.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01645 | 0.02 | CVE-2024-0864 |
| 7 | Adobe ColdFusion access control | 7.4 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.87919 | 0.00 | CVE-2023-26347 |
| 8 | CodeIgniter old deserialization | 6.6 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.10866 | 0.05 | CVE-2022-21647 |
| 9 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01565 | 0.43 | CVE-2020-35176 |
| 10 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.53 | |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.18 | CVE-2010-0966 |
| 12 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.36 | CVE-2020-12440 |
| 13 | FasterXML jackson-databind input validation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.07082 | 0.03 | CVE-2019-14540 |
| 14 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.10723 | 0.02 | CVE-2011-1571 |
| 15 | Apache ZooKeeper SASL Quorum Peer Authentication authorization | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00481 | 0.11 | CVE-2023-44981 |
| 16 | Totolink N200RE cstecgi.cgi loginAuth stack-based overflow | 7.2 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00243 | 0.04 | CVE-2024-1004 |
| 17 | 7-Zip Zstandard Decompression integer underflow | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.26351 | 0.04 | CVE-2024-11477 |
| 18 | EyouCMS Backend login.php deserialization | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00362 | 0.08 | CVE-2024-3431 |
| 19 | KOHA MARC search.pl cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00208 | 0.04 | CVE-2023-5025 |
| 20 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00056 | 0.08 | CVE-2022-40835 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (209)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

