Dark Caracal Analysis

IOB - Indicator of Behavior (169)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 138
zh: 26
ru: 4
de: 2

Country

la: 86
cn: 28
us: 26
cz: 26
fr: 2

Product

WordPress: 6
Synacor Zimbra Collaboration: 6
Netgear WNR2000v5: 4
Joomla CMS: 4
Moodle: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.14469 | CVE-2022-27925 |
| 2 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12 | 0.20307 | CVE-2011-1571 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966 |
| 4 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.01103 | CVE-2023-21735 |
| 5 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.10855 | CVE-2021-27182 |
| 6 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 | CVE-2019-1010042 |
| 7 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01055 | CVE-2019-14315 |
| 8 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01018 | CVE-2020-35176 |
| 9 | Check Point Mobile Access/SSL VPN Portal Agent os command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2021-30358 |
| 10 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2021-29114 |
| 11 | Oracle Database 11g Enterprise Manager access control | 7.3 | 7.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.02 | 0.60019 | CVE-2012-1675 |
| 12 | Liferay Portal Velocity Template access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01232 | CVE-2010-5327 |
| 13 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02945 | CVE-2010-5048 |
| 14 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00885 | CVE-2023-21764 |
| 15 | SalesForce Tableau Server Administration Agent path traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2022-22128 |
| 16 | Strapi Admin Panel authorization | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00890 | CVE-2021-28128 |
| 17 | Xampp Installation default permission | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01086 | CVE-2022-29376 |
| 18 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-40835 |
| 19 | ZZZCMS zzzphp File Upload unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2019-16720 |
| 20 | M-Files Server/Web excessive authentication | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-41807 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (81)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /api/v2/cli/commands | predictive | High |
| 3 | File | /apply.cgi | predictive | Medium |
| 4 | File | /spip.php | predictive | Medium |
| 5 | File | /usr/bin/pkexec | predictive | High |
| 6 | File | admin.jcomments.php | predictive | High |
| 7 | File | admin/file-manager/attachments | predictive | High |
| 8 | File | application/modules/admin/views/ecommerce/products.php | predictive | High |
| 9 | File | apply.cgi | predictive | Medium |
| 10 | File | archivejson.cgi | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
