Careto Analysis

IOB - Indicator of Behavior (603)

Language

en: 582
de: 16
es: 2
it: 2
zh: 2

Country

de: 180
us: 86
es: 12
au: 2

Product

Microsoft Windows: 20
Adobe Magento Commerce: 18
Linux Kernel: 16
Google Chrome: 8
FreeBSD: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atlassian Confluence Server/Data Center privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.02 | CVE-2021-43940 |
| 2 | Apple macOS Login Window privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.05 | CVE-2021-30702 |
| 3 | Microsoft Windows Active Directory integrated DNS privilege escalation | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01180 | 0.00 | CVE-2020-0761 |
| 4 | lighttpd mod_alias_physical_handler mod_alias.c directory traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00493 | 0.02 | CVE-2018-19052 |
| 5 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845 |
| 6 | Click Studios Passwordstate PIN Generator information disclosure | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2020-27747 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055 |
| 8 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.02 | CVE-2017-8295 |
| 9 | Rarlab WinRar Recovery Volume memory corruption | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.08 | CVE-2023-40477 |
| 10 | Ingredients Stock Management System view_item.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2022-36701 |
| 11 | HPE OfficeConnect 1820 weak authentication | 9.1 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.03 | CVE-2022-37932 |
| 12 | Apache Flume JMS Source privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.00 | CVE-2022-34916 |
| 13 | SourceCodester Online Class and Exam Scheduling System class_sched.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.04 | CVE-2022-2706 |
| 14 | TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue memory corruption | 9.4 | 9.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00216 | 0.00 | CVE-2022-24014 |
| 15 | Download Monitor Plugin wp-config.php privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2021-31567 |
| 16 | Questions For Confluence App weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97269 | 0.06 | CVE-2022-26138 |
| 17 | Wavlink WL-WN575A3 POST Request obtw privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00373 | 0.00 | CVE-2022-34592 |
| 18 | Google Chrome Chrome OS Shell memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00541 | 0.02 | CVE-2022-2296 |
| 19 | Dice File privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00298 | 0.00 | CVE-2022-32413 |
| 20 | HMA VPN privilege escalation | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2022-26634 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (195)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
