Cardinal RAT Analysis

IOB - Indicator of Behavior (278)


Language

  • en: 194
  • fr: 48
  • it: 26
  • de: 4
  • sv: 2

Country

  • us: 172
  • cr: 76
  • ar: 14
  • ru: 8
  • id: 4

Product

  • Qualcomm Snapdragon Mobile: 10
  • MantisBT: 8
  • Adobe Flash Player: 8
  • Adobe Acrobat Reader: 6
  • Qualcomm Snapdragon Wear: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.47 | 0.01302 | CVE-2007-0354 |
| 3 | Foxit PhantomPDF fxhtml2pdf Buffer Overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00835 | CVE-2018-17706 |
| 4 | Qualcomm Snapdragon Mobile WLAN Buffer Overflow | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2018-11875 |
| 5 | Qualcomm Snapdragon Mobile WLAN Privilege Escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2018-11873 |
| 6 | Qualcomm Snapdragon Mobile/Snapdragon Wear Modem Segment Privilege Escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2017-18308 |
| 7 | Yammer Desktop App Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02759 | CVE-2018-8569 |
| 8 | Moxa ThingsPro Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00736 | CVE-2018-18396 |
| 9 | elfutils libdw dwarf_getaranges.c dwarf_getaranges Buffer Overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00572 | CVE-2018-16062 |
| 10 | Kraftway 24F2XG Web Interface Buffer Overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01034 | CVE-2018-15353 |
| 11 | Google Android Qualcomm Crypto Driver Privilege Escalation | 9.3 | 9.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.04 | 0.00623 | CVE-2016-8418 |
| 12 | Google Android libjpeg Privilege Escalation | 7.8 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00458 | CVE-2016-6702 |
| 13 | PHP Link Directory Administration Page index.html Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.35 | 0.00374 | CVE-2007-0529 |
| 14 | Phplinkdirectory PHP Link Directory conf_users_edit.php Cross-Site Request Forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00526 | CVE-2011-0643 |
| 15 | phpBB XS bb_usage_stats.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.07955 | CVE-2006-4893 |
| 16 | PHPUnit HTTP POST eval-stdin.php Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.97477 | CVE-2017-9841 |
| 17 | Intelliants Subrion CMS Members Administrator Cross-Site Request Forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00150 | CVE-2020-18326 |
| 18 | InviteBox Plugin for Viral Refer-a-Friend Promotions Plugin Parameter admin.php Cross-Site Scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00061 | CVE-2021-38359 |
| 19 | ABB Base Software for SoftControl Weak Authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00169 | CVE-2020-24672 |
| 20 | Cisco Adaptive Security Device Manager Signature Verification Privilege Escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.06672 | CVE-2021-1585 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cardinal RAT

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?/plugin/comment/settings | predictive | High |
| 2 | File | /filemanager/upload.php | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /inc/parser/xhtml.php | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /webconsole/APIController | predictive | High |
| 7 | File | /webmail/ | predictive | Medium |
| 8 | File | adclick.php | predictive | Medium |
| 9 | File | admin.php?s=/Admin/doedit | predictive | High |
| 10 | File | admin/conf_users_edit.php | predictive | High |
| 11 | File | admin/web_config.php | predictive | High |
| 12 | File | xxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxxx.x | predictive | Low |
| 14 | File | xx_xxxxx_xxxxx.xxx | predictive | High |
| 15 | File | xxx_xxxxxxxxxxx_xxx_xxxx.xxx | predictive | High |
| 16 | File | xxx_xxxxxx_xxxx.xxx | predictive | High |
| 17 | File | xxxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxx/xxxxxxxx.x | predictive | High |
| 19 | File | xxxxxx_xxxxxxxx_xxx.xxx | predictive | High |
| 20 | File | xxxxx\xxxx\xxx_xxxx\xxxx_xxxx.xxx | predictive | High |
| 21 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxxx_xxxxxxxxxx.x | predictive | High |
| 23 | File | xxx/xxx/xxxxx | predictive | High |
| 24 | File | xxxxx.xxx | predictive | Medium |
| 25 | File | xxxxxx_xxx.xxx | predictive | High |
| 26 | File | xxxx/xxxx.x | predictive | Medium |
| 27 | File | xxxxxxxx.x | predictive | Medium |
| 28 | File | xxx.x | predictive | Low |
| 29 | File | xxxxx.xxxx | predictive | Medium |
| 30 | File | xxxxx.xxx | predictive | Medium |
| 31 | File | xxxxxx.x | predictive | Medium |
| 32 | File | xxxxxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxx.x | predictive | Medium |
| 34 | File | xxxxxx/xxxxxxx.xxx | predictive | High |
| 35 | File | xxxxxxx/xxx_xxxxxx/xxxxxx.x | predictive | High |
| 36 | File | xxxxxxxx/xxxx/xxxx.xxx | predictive | High |
| 37 | File | xxxxx.xxx | predictive | Medium |
| 38 | File | xxxxxxxxxx.xxx | predictive | High |
| 39 | File | xxxxxx_xxxxxx.xx | predictive | High |
| 40 | File | xxxxxxxxxx.xxxx | predictive | High |
| 41 | File | xxxx_xxxxxxx.x | predictive | High |
| 42 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
| 43 | File | xxxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 44 | File | xxx-xxxxxxx.x | predictive | High |
| 45 | File | xxx_xxxxxx.x | predictive | Medium |
| 46 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High |
| 47 | File | xxxxxxxx.x | predictive | Medium |
| 48 | File | xxxxx/xxxxxxxx.x | predictive | High |
| 49 | File | xxxxx/xxxxxxx.x | predictive | High |
| 50 | File | xxxxxx\xxxxxxx\xxx\xxxxxxx.xxx | predictive | High |
| 51 | File | xxxx/xxxx_xxxx.x | predictive | High |
| 52 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
| 53 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 54 | File | xxx_xxxxx.x | predictive | Medium |
| 55 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High |
| 56 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 57 | File | _xxxx_xxxx.xxx | predictive | High |
| 58 | File | ~/xxxxx/xxxxx.xxx | predictive | High |
| 59 | Library | xxx/xxxx/xxx/xxx.xxx | predictive | High |
| 60 | Library | xxx/xxxxx.x | predictive | Medium |
| 61 | Library | xxxxxxx | predictive | Low |
| 62 | Library | xxxxxxxxx.xxx | predictive | High |
| 63 | Argument | ${xxx} | predictive | Low |
| 64 | Argument | xxxxxx | predictive | Low |
| 65 | Argument | xxxxxxxxxx_xx | predictive | High |
| 66 | Argument | xxxxxxxxxxxxx | predictive | High |
| 67 | Argument | xxxx_xxxxx | predictive | Medium |
| 68 | Argument | xxxx_xxx | predictive | Medium |
| 69 | Argument | xx | predictive | Low |
| 70 | Argument | xxxxxx | predictive | Low |
| 71 | Argument | xxxxxxxx | predictive | Medium |
| 72 | Argument | xxxxxxxx | predictive | Medium |
| 73 | Argument | xxxxxxx | predictive | Low |
| 74 | Argument | x_xx | predictive | Low |
| 75 | Argument | xxxx | predictive | Low |
| 76 | Argument | xxxxxx[xxxxxxx_xxxxxxxx] | predictive | High |
| 77 | Argument | xxxxxxxx | predictive | Medium |
| 78 | Argument | xxxxxxxx | predictive | Medium |
| 79 | Argument | xxxxx_xxxx_xxxx | predictive | High |
| 80 | Argument | xxxx_xxxxxx | predictive | Medium |
| 81 | Argument | xxxxxxxx | predictive | Medium |
| 82 | Argument | xxxxxxx_xx | predictive | Medium |
| 83 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 84 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 85 | Argument | xxxxxxx | predictive | Low |
| 86 | Argument | xxxxx | predictive | Low |
| 87 | Argument | xxx | predictive | Low |
| 88 | Argument | xxx | predictive | Low |
| 89 | Argument | xxxxxxxx | predictive | Medium |
| 90 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 91 | Argument | x-xxxxxxxxx-xxx | predictive | High |
| 92 | Argument | _xxxxx | predictive | Low |
| 93 | Input Value | -<xxxxxx> | predictive | Medium |
| 94 | Network Port | xxx/xxxx | predictive | Medium |
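The detection logic a practitioner would want for the unmasked File indicators above, as an added example that is not VulDB's code: it percent-decodes and normalises the request target of each combined-format access log line, matches it against the eleven visible File indicators (the masked rows are left out because the page does not reveal their values), and counts hits per source IP. The log lines and the RFC 5737 documentation addresses in them are constructed for the example; the matching rules (directory-boundary match for file indicators, prefix match for indicators ending in a slash, substring match for the query part) are this example's assumption about how to apply VulDB's path fragments, not VulDB's own definition.

```python
"""Scan web-server access logs for the actor's unmasked IOA file indicators.

Added example, not VulDB code. Indicator values are copied from the IOA table;
the log lines are constructed and use RFC 5737 documentation addresses.
"""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Unmasked "File" indicators from the IOA table. Masked (xxx) rows are omitted
# because the page does not reveal their values.
IOA_FILES = [
    "/admin/?/plugin/comment/settings",
    "/filemanager/upload.php",
    "/forum/away.php",
    "/inc/parser/xhtml.php",
    "/uncpath/",
    "/webconsole/APIController",
    "/webmail/",
    "adclick.php",
    "admin.php?s=/Admin/doedit",
    "admin/conf_users_edit.php",
    "admin/web_config.php",
]

# Apache/nginx combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalise_target(target):
    """Split a request target into (path, query), percent-decoded and lower-cased,
    with repeated slashes collapsed so trivial evasions such as //dir/file%2Ephp
    still reach the indicator comparison."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    return path, unquote(parts.query).lower()


def _path_contains(path, ind_path):
    """True if ind_path occurs in path on directory-segment boundaries.
    A needle ending in '/' is a directory indicator and matches as a prefix of
    any deeper path; any other needle must end at the end of the path or before '/'."""
    needle = (ind_path if ind_path.startswith("/") else "/" + ind_path).lower()
    start = path.find(needle)
    while start != -1:
        end = start + len(needle)
        if needle.endswith("/") or end == len(path) or path[end] == "/":
            return True
        start = path.find(needle, start + 1)
    return False


def match_indicators(target, indicators=IOA_FILES):
    """Return the indicators matched by one request target, in table order.
    An indicator carrying a query part (e.g. admin.php?s=/Admin/doedit) only
    matches when that part also appears in the request's query string."""
    path, query = normalise_target(target)
    hits = []
    for ind in indicators:
        ind_path, _, ind_query = ind.partition("?")
        if _path_contains(path, ind_path) and ind_query.lower() in query:
            hits.append(ind)
    return hits


def scan_log(lines, indicators=IOA_FILES):
    """Yield (ip, timestamp, target, status, hits) for every request that matches."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = match_indicators(m["target"], indicators)
        if hits:
            yield m["ip"], m["ts"], m["target"], int(m["status"]), hits


def hits_per_source(lines, indicators=IOA_FILES):
    """Count matching requests per client IP: several distinct indicator paths from
    one source in a short window is the reconnaissance pattern worth alerting on."""
    return Counter(ip for ip, *_ in scan_log(lines, indicators))


# Constructed sample log (not real traffic); 203.0.113.7 plays the scanner.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /forum/away.php?s=http://198.51.100.5/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /site/admin/conf_users_edit.php HTTP/1.1" 403 231 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /admin.php?s=/Admin/doedit HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /blog//filemanager/upload%2Ephp HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /webmail/ HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, ts, target, status, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {ts} {status} {target} -> {hits}")
    print(dict(hits_per_source(SAMPLE_LOG)))
```

In the sample, the single 200 on /webmail/ from the second client is an ordinary login-page hit, while the first client touches four distinct indicator paths in four seconds, mostly answered with 403/404: alert on the per-source count and on the spread of distinct indicators rather than on any single match, and treat the masked rows as additional coverage once their values are available.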

References (2)

The following external sources discuss the actor and the associated activities:
