Dark Caracal Analysis

IOB - Indicator of Behavior (329)

Language

en 268
zh 56
ru 4
ja 2

Country

la 210
cz 32
cn 32
us 28
my 16

Product

Revive Adserver 10
WordPress 8
Liferay Portal 6
DedeCMS 6
Adobe ColdFusion 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.73 | CVE-2006-6168 |
| 2 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96142 | 0.00 | CVE-2022-27925 |
| 3 | DEXT5 DEXT5Upload dext5handler.jsp privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01228 | 0.02 | CVE-2020-13442 |
| 4 | DEXT5Upload dext5handler.jsp directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00503 | 0.02 | CVE-2020-35362 |
| 5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.96 | CVE-2020-15906 |
| 6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.72 | CVE-2010-0966 |
| 7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.30 | CVE-2020-12440 |
| 8 | FasterXML jackson-databind privilege escalation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00410 | 0.04 | CVE-2019-14540 |
| 9 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00578 | 0.00 | CVE-2011-1571 |
| 10 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.59 | |
| 12 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 13 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 14 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847 |
| 15 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 16 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480 |
| 18 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.08 | CVE-2022-41479 |
| 19 | CodeIgniter old privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06897 | 0.02 | CVE-2022-21647 |
| 20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (161)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /api/v2/cli/commands | predictive | High |
| 5 | File | /apply.cgi | predictive | Medium |
| 6 | File | /dede/sys_sql_query.php | predictive | High |
| 7 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 8 | File | /DXR.axd | predictive | Medium |
| 9 | File | /forum/away.php | predictive | High |
| 10 | File | /mfsNotice/page | predictive | High |
| 11 | File | /novel/bookSetting/list | predictive | High |
| 12 | File | /novel/userFeedback/list | predictive | High |
| 13 | File | /owa/auth/logon.aspx | predictive | High |
| 14 | File | /spip.php | predictive | Medium |
| 15 | File | /usr/bin/pkexec | predictive | High |
| 16 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 17 | File | /zm/index.php | predictive | High |
| 18 | File | adclick.php | predictive | Medium |
| 19 | File | admin.jcomments.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
