Cardinal RAT Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (278)

Lang

en	198
fr	48
it	18
es	4
de	4

Land

us	180
cr	70
ru	14
ar	12

Skådespelare

Cardinal RAT	5
Silence	1
Dharma	1
DNSpionage	1
Smoke Loader (Trickbot Payload)	1

Intressera

Typ

Not Defined	102
Web Browser	14
Content Management System	14
Document Reader Software	10
Smartphone Operating System	10

Säljare

Not Defined	106
Google	16
Adobe	10
Microsoft	10
IBM	10

Produkt

MantisBT	8
Google Android	8
Adobe Flash Player	6
Qualcomm Snapdragon Mobile	6
Qualcomm Snapdragon Wear	6

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	MGB OpenSource Guestbook email.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.25	0.01302	CVE-2007-0354
3	Foxit PhantomPDF fxhtml2pdf minneskorruption	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00835	CVE-2018-17706
4	Qualcomm Snapdragon Mobile WLAN minneskorruption	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2018-11875
5	Qualcomm Snapdragon Mobile WLAN privilegier eskalering	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2018-11873
6	Qualcomm Snapdragon Mobile/Snapdragon Wear Modem Segment privilegier eskalering	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00044	CVE-2017-18308
7	Yammer Desktop App privilegier eskalering	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.03929	CVE-2018-8569
8	Moxa ThingsPro privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00736	CVE-2018-18396
9	elfutils libdw dwarf_getaranges.c dwarf_getaranges minneskorruption	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00572	CVE-2018-16062
10	Kraftway 24F2XG Web Interface minneskorruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.01034	CVE-2018-15353
11	Google Android Qualcomm Crypto Driver privilegier eskalering	9.3	9.3	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.04	0.00623	CVE-2016-8418
12	Google Android libjpeg privilegier eskalering	7.8	7.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00345	CVE-2016-6702
13	PHP Link Directory Administration Page index.html cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.21	0.00374	CVE-2007-0529
14	Phplinkdirectory PHP Link Directory conf_users_edit.php förfalskning på begäran över webbplatsen	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00526	CVE-2011-0643
15	phpBB XS bb_usage_stats.php privilegier eskalering	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.07955	CVE-2006-4893
16	PHPUnit HTTP POST eval-stdin.php privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.97477	CVE-2017-9841
17	Intelliants Subrion CMS Members Administrator förfalskning på begäran över webbplatsen	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00150	CVE-2020-18326
18	InviteBox Plugin for Viral Refer-a-Friend Promotions Plugin Parameter admin.php cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00061	CVE-2021-38359
19	ABB Base Software for SoftControl svag autentisering	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00169	CVE-2020-24672
20	Cisco Adaptive Security Device Manager Signature Verification privilegier eskalering	7.5	7.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.06672	CVE-2021-1585

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Cardinal RAT

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	127.194.73.243		Cardinal RAT	Cardinal RAT	22/12/2020	verified	Hög
2	127.194.87.192		Cardinal RAT	Cardinal RAT	22/12/2020	verified	Hög
3	XXX.XX.XXX.X	xxx.xx.xxx.x.xxxxxxxxx-xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög
4	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxx-xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög
5	XXX.XX.X.XXX	xxxxxxxxxxxxx.xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög
6	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxxx-xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög
7	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög
8	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxxxxx Xxx	Xxxxxxxx Xxx	22/12/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1059	CWE-94	Argument Injection	predictive	Hög
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
11	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Hög
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/?/plugin/comment/settings	predictive	Hög
2	File	/filemanager/upload.php	predictive	Hög
3	File	/forum/away.php	predictive	Hög
4	File	/inc/parser/xhtml.php	predictive	Hög
5	File	/uncpath/	predictive	Medium
6	File	/webconsole/APIController	predictive	Hög
7	File	/webmail/	predictive	Medium
8	File	adclick.php	predictive	Medium
9	File	admin.php?s=/Admin/doedit	predictive	Hög
10	File	admin/conf_users_edit.php	predictive	Hög
11	File	admin/web_config.php	predictive	Hög
12	File	xxxxxxx.xxx	predictive	Medium
13	File	xxxxx.x	predictive	Låg
14	File	xx_xxxxx_xxxxx.xxx	predictive	Hög
15	File	xxx_xxxxxxxxxxx_xxx_xxxx.xxx	predictive	Hög
16	File	xxx_xxxxxx_xxxx.xxx	predictive	Hög
17	File	xxxxxxxx.xxx	predictive	Medium
18	File	xxxx/xxxxxxxx.x	predictive	Hög
19	File	xxxxxx_xxxxxxxx_xxx.xxx	predictive	Hög
20	File	xxxxx\xxxx\xxx_xxxx\xxxx_xxxx.xxx	predictive	Hög
21	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
22	File	xxxxx_xxxxxxxxxx.x	predictive	Hög
23	File	xxx/xxx/xxxxx	predictive	Hög
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxxx_xxx.xxx	predictive	Hög
26	File	xxxx/xxxx.x	predictive	Medium
27	File	xxxxxxxx.x	predictive	Medium
28	File	xxx.x	predictive	Låg
29	File	xxxxx.xxxx	predictive	Medium
30	File	xxxxx.xxx	predictive	Medium
31	File	xxxxxx.x	predictive	Medium
32	File	xxxxxxx.xxx	predictive	Medium
33	File	xxxxxxxx.x	predictive	Medium
34	File	xxxxxx/xxxxxxx.xxx	predictive	Hög
35	File	xxxxxxx/xxx_xxxxxx/xxxxxx.x	predictive	Hög
36	File	xxxxxxxx/xxxx/xxxx.xxx	predictive	Hög
37	File	xxxxx.xxx	predictive	Medium
38	File	xxxxxxxxxx.xxx	predictive	Hög
39	File	xxxxxx_xxxxxx.xx	predictive	Hög
40	File	xxxxxxxxxx.xxxx	predictive	Hög
41	File	xxxx_xxxxxxx.x	predictive	Hög
42	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	Hög
43	File	xxxxxxxxxxxx/xxxxxxx.xxx	predictive	Hög
44	File	xxx-xxxxxxx.x	predictive	Hög
45	File	xxx_xxxxxx.x	predictive	Medium
46	File	xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx	predictive	Hög
47	File	xxxxxxxx.x	predictive	Medium
48	File	xxxxx/xxxxxxxx.x	predictive	Hög
49	File	xxxxx/xxxxxxx.x	predictive	Hög
50	File	xxxxxx\xxxxxxx\xxx\xxxxxxx.xxx	predictive	Hög
51	File	xxxx/xxxx_xxxx.x	predictive	Hög
52	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	Hög
53	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Hög
54	File	xxx_xxxxx.x	predictive	Medium
55	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	Hög
56	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Hög
57	File	_xxxx_xxxx.xxx	predictive	Hög
58	File	~/xxxxx/xxxxx.xxx	predictive	Hög
59	Library	xxx/xxxx/xxx/xxx.xxx	predictive	Hög
60	Library	xxx/xxxxx.x	predictive	Medium
61	Library	xxxxxxx	predictive	Låg
62	Library	xxxxxxxxx.xxx	predictive	Hög
63	Argument	${xxx}	predictive	Låg
64	Argument	xxxxxx	predictive	Låg
65	Argument	xxxxxxxxxx_xx	predictive	Hög
66	Argument	xxxxxxxxxxxxx	predictive	Hög
67	Argument	xxxx_xxxxx	predictive	Medium
68	Argument	xxxx_xxx	predictive	Medium
69	Argument	xx	predictive	Låg
70	Argument	xxxxxx	predictive	Låg
71	Argument	xxxxxxxx	predictive	Medium
72	Argument	xxxxxxxx	predictive	Medium
73	Argument	xxxxxxx	predictive	Låg
74	Argument	x_xx	predictive	Låg
75	Argument	xxxx	predictive	Låg
76	Argument	xxxxxx[xxxxxxx_xxxxxxxx]	predictive	Hög
77	Argument	xxxxxxxx	predictive	Medium
78	Argument	xxxxxxxx	predictive	Medium
79	Argument	xxxxx_xxxx_xxxx	predictive	Hög
80	Argument	xxxx_xxxxxx	predictive	Medium
81	Argument	xxxxxxxx	predictive	Medium
82	Argument	xxxxxxx_xx	predictive	Medium
83	Argument	xxxxxxx_xxxx	predictive	Medium
84	Argument	xxxxxxxxxxxxxx	predictive	Hög
85	Argument	xxxxxxx	predictive	Låg
86	Argument	xxxxx	predictive	Låg
87	Argument	xxx	predictive	Låg
88	Argument	xxx	predictive	Låg
89	Argument	xxxxxxxx	predictive	Medium
90	Argument	xxxxxxxxxxxxxxxxx	predictive	Hög
91	Argument	x-xxxxxxxxx-xxx	predictive	Hög
92	Argument	_xxxx	predictive	Låg
93	Input Value	-<xxxxxx>	predictive	Medium
94	Network Port	xxx/xxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!