Dark Caracal Analysis

IOB - Indicator of Behavior (327)

Language

en: 254
zh: 62
pl: 4
ru: 4
ja: 2

Country

la: 214
cz: 34
us: 28
cn: 26
my: 14

Product

Revive Adserver: 8
WordPress: 8
Joomla CMS: 6
Qualcomm Snapdragon Mobile: 4
OpenBSD OpenSSH: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 7.93 | CVE-2006-6168
2 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96142 | 0.00 | CVE-2022-27925
3 | DEXT5 DEXT5Upload dext5handler.jsp privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01228 | 0.02 | CVE-2020-13442
4 | DEXT5Upload dext5handler.jsp directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00503 | 0.02 | CVE-2020-35362
5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.30 | CVE-2020-15906
6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.33 | CVE-2010-0966
7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.00 | CVE-2020-12440
8 | FasterXML jackson-databind privilege escalation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00410 | 0.08 | CVE-2019-14540
9 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00578 | 0.00 | CVE-2011-1571
10 | Drupal Sanitization API cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672
11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.25 | -
12 | LiteSpeed Cache Plugin Shortcode cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372
13 | WebTitan Appliance Extensions Persistent cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | -
14 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847
15 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163
16 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480
18 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2022-41479
19 | CodeIgniter old privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06897 | 0.02 | CVE-2022-21647
20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | -

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-24 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (161)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | High
2 | File | /adminPage/conf/reload | predictive | High
3 | File | /api/baskets/{name} | predictive | High
4 | File | /api/v2/cli/commands | predictive | High
5 | File | /apply.cgi | predictive | Medium
6 | File | /dede/sys_sql_query.php | predictive | High
7 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High
8 | File | /DXR.axd | predictive | Medium
9 | File | /forum/away.php | predictive | High
10 | File | /mfsNotice/page | predictive | High
11 | File | /novel/bookSetting/list | predictive | High
12 | File | /novel/userFeedback/list | predictive | High
13 | File | /owa/auth/logon.aspx | predictive | High
14 | File | /spip.php | predictive | Medium
15 | File | /usr/bin/pkexec | predictive | High
16 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High
17 | File | /zm/index.php | predictive | High
18 | File | adclick.php | predictive | Medium
19 | File | admin.jcomments.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
