Dark Caracal Analysis

IOB - Indicator of Behavior (354)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 274
zh: 64
es: 6
ru: 4
de: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
WordPress: 8
Joomla CMS: 6
Revive Adserver: 6
Linux Kernel: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 2.09 | CVE-2006-6168 |
| 2 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.00 | CVE-2022-27925 |
| 3 | DEXT5 DEXT5Upload dext5handler.jsp unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01942 | 0.00 | CVE-2020-13442 |
| 4 | DEXT5Upload dext5handler.jsp pathname traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00503 | 0.07 | CVE-2020-35362 |
| 5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 9.43 | CVE-2020-15906 |
| 6 | CodeIgniter old deserialization | 6.6 | 6.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.09990 | 0.05 | CVE-2022-21647 |
| 7 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.06 | CVE-2020-35176 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.15 | |
| 9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.67 | CVE-2010-0966 |
| 10 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.45 | CVE-2020-12440 |
| 11 | FasterXML jackson-databind input validation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00410 | 0.04 | CVE-2019-14540 |
| 12 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00995 | 0.04 | CVE-2011-1571 |
| 13 | Matomo Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2023-6923 |
| 14 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.66 | CVE-2022-28959 |
| 15 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 16 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 17 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 18 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847 |
| 19 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09430 | 0.05 | CVE-2023-27163 |
| 20 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.00 | CVE-2007-1287 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (169)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
