Dark Caracal Analysis

IOB - Indicator of Behavior (309)

Language

en: 226
zh: 78
de: 2
es: 2
ru: 2

Country

la: 198
cn: 42
cz: 28
us: 24
my: 12

Product

Microsoft Windows: 8
Liferay Portal: 6
Linux Kernel: 4
novel-plus: 4
Ecommerce-CodeIgniter-Bootstrap: 4

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; CTI and EPSS are the threat-intelligence and EPSS scores. Entries without a CVE are shown with "-".

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96501 | CVE-2022-27925
2 | DEXT5 DEXT5Upload dext5handler.jsp privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01228 | CVE-2020-13442
3 | DEXT5Upload dext5handler.jsp directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00503 | CVE-2020-35362
4 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.26 | 0.01009 | CVE-2006-6168
5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 6.29 | 0.00936 | CVE-2020-15906
6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.89 | 0.00943 | CVE-2010-0966
7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.57 | 0.00241 | CVE-2020-12440
8 | FasterXML jackson-databind privilege escalation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00410 | CVE-2019-14540
9 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00474 | CVE-2011-1571
10 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00056 | CVE-2020-13672
11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.66 | 0.00000 | -
12 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00051 | CVE-2023-4372
13 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | -
14 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00988 | CVE-2020-7847
15 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.05974 | CVE-2023-27163
16 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02101 | CVE-2007-1287
17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.28182 | CVE-2021-34480
18 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00166 | CVE-2022-41479
19 | CodeIgniter old privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05251 | CVE-2022-21647
20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | -

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE) | Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | High
2 | File | /api/baskets/{name} | predictive | High
3 | File | /api/v2/cli/commands | predictive | High
4 | File | /apply.cgi | predictive | Medium
5 | File | /dede/sys_sql_query.php | predictive | High
6 | File | /DXR.axd | predictive | Medium
7 | File | /forum/away.php | predictive | High
8 | File | /novel/bookSetting/list | predictive | High
9 | File | /novel/userFeedback/list | predictive | High
10 | File | /owa/auth/logon.aspx | predictive | High
11 | File | /spip.php | predictive | Medium
12 | File | /usr/bin/pkexec | predictive | High
13 | File | /zm/index.php | predictive | High
14 | File | adclick.php | predictive | Medium
15 | File | admin.jcomments.php | predictive | High
16 | File | admin/file-manager/attachments | predictive | High
17 | File | application/modules/admin/views/ecommerce/products.php | predictive | High
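As an added example (it is not VulDB's code and not part of the original page), the following Python scans a web server access log for the File indicators that are visible in the IOA table above and for directory traversal sequences, which correspond to the T1006 / CWE-22 row of the TTP table. The log lines, client addresses and request targets are constructed for this example; the IOA_FILES map holds only the table rows shown here, with the confidence values copied from the table, and /api/baskets/{name} is stored as a prefix so that any basket name matches.

```python
import re
from urllib.parse import unquote

# Visible File indicators copied from the IOA table, with their listed
# confidence. Masked table rows are not reproduced. "/api/baskets/{name}"
# is stored as the prefix "/api/baskets/" so that any basket name matches.
IOA_FILES = {
    "/admin/dl_sendmail.php": "high",
    "/api/baskets/": "high",
    "/api/v2/cli/commands": "high",
    "/apply.cgi": "medium",
    "/dede/sys_sql_query.php": "high",
    "/DXR.axd": "medium",
    "/forum/away.php": "high",
    "/novel/bookSetting/list": "high",
    "/novel/userFeedback/list": "high",
    "/owa/auth/logon.aspx": "high",
    "/spip.php": "medium",
    "/zm/index.php": "high",
    "adclick.php": "medium",
    "admin.jcomments.php": "high",
    "admin/file-manager/attachments": "high",
    "application/modules/admin/views/ecommerce/products.php": "high",
}

# Constructed sample access log in combined format. Client addresses are
# documentation ranges and every request is made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:01:05 +0000] "GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.example.test%2fowa HTTP/1.1" 200 9011 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:02:11 +0000] "POST /api/baskets/test1 HTTP/1.1" 201 88 "-" "curl/8.4.0"
198.51.100.23 - - [10/Mar/2024:10:02:40 +0000] "GET /static/app.js HTTP/1.1" 200 40210 "-" "curl/8.4.0"
192.0.2.99 - - [10/Mar/2024:10:03:01 +0000] "GET /download.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1440 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Mar/2024:10:03:09 +0000] "GET /forum/away.php?s=http://attacker.example.test/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# "../" or "..\" after decoding; the classic CWE-22 sequence.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def normalize_target(target):
    """Split a request target into (path, query), percent-decoding each twice.

    Decoding twice makes a double-encoded dot-dot (%252e%252e) visible to
    the traversal check; a single unquote() would leave it as %2e%2e."""
    path, _, query = target.partition("?")
    return unquote(unquote(path)), unquote(unquote(query))


def path_matches(path, indicator):
    """Root-anchored indicators match exactly, or as a prefix when the
    indicator ends in '/'; relative indicators match as a trailing path."""
    if indicator.endswith("/"):
        return path.startswith(indicator)
    if indicator.startswith("/"):
        return path == indicator
    return path.endswith("/" + indicator)


def scan_line(line):
    """Return (client, kind, detail, confidence) tuples for one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    client = m.group("client")
    path, query = normalize_target(m.group("target"))
    hits = []
    for indicator, confidence in IOA_FILES.items():
        if path_matches(path, indicator):
            hits.append((client, "ioa_file", indicator, confidence))
    # Traversal in path or query maps to the T1006 / CWE-22 row of the TTP
    # table, which the table lists with high confidence.
    if TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query):
        hits.append((client, "traversal T1006/CWE-22", query or path, "high"))
    return hits


def scan_log(text):
    """Scan every line of an access log and collect all hits in order."""
    hits = []
    for line in text.splitlines():
        hits.extend(scan_line(line))
    return hits


if __name__ == "__main__":
    for client, kind, detail, confidence in scan_log(SAMPLE_LOG):
        print(f"{client:15} {kind:24} {confidence:7} {detail}")
```

Two caveats for anyone turning this into a detection. A path such as /owa/auth/logon.aspx is hit by every legitimate Outlook Web Access login, so a File indicator match on its own is triage context rather than an alert; combine it with client reputation, request rate, or the other indicator classes. The confidence column is the output of VulDB's predictive actor-profiling model, not a measure of how well a given request matches, so it should not be used as a match score.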

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
