Dark Caracal Analysis

IOB - Indicator of Behavior (309)

[Charts: Timeline, Actors, Activities, Interest, Type, Vendor]

Language

en: 250
zh: 52
pl: 4
de: 2
ru: 2

Country

la: 202
cn: 34
cz: 30
us: 22
my: 10

Product

Revive Adserver: 8
Microsoft Exchange Server: 8
CodeIgniter: 6
Microsoft Windows: 6
OpenBSD OpenSSH: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96501 | CVE-2022-27925 |
| 2 | DEXT5 DEXT5Upload dext5handler.jsp privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01228 | CVE-2020-13442 |
| 3 | DEXT5Upload dext5handler.jsp directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00503 | CVE-2020-35362 |
| 4 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 4.40 | 0.01009 | CVE-2006-6168 |
| 5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.34 | 0.00936 | CVE-2020-15906 |
| 6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.35 | 0.00943 | CVE-2010-0966 |
| 7 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00241 | CVE-2020-12440 |
| 8 | FasterXML jackson-databind privilege escalation | 9.8 | 9.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00410 | CVE-2019-14540 |
| 9 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00474 | CVE-2011-1571 |
| 10 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00056 | CVE-2020-13672 |
| 11 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.90 | 0.00000 | |
| 12 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00051 | CVE-2023-4372 |
| 13 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 14 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00988 | CVE-2020-7847 |
| 15 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.05974 | CVE-2023-27163 |
| 16 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287 |
| 17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.28182 | CVE-2021-34480 |
| 18 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00166 | CVE-2022-41479 |
| 19 | CodeIgniter old privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05251 | CVE-2022-21647 |
| 20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /api/v2/cli/commands | predictive | High |
| 4 | File | /apply.cgi | predictive | Medium |
| 5 | File | /dede/sys_sql_query.php | predictive | High |
| 6 | File | /DXR.axd | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /novel/bookSetting/list | predictive | High |
| 9 | File | /novel/userFeedback/list | predictive | High |
| 10 | File | /owa/auth/logon.aspx | predictive | High |
| 11 | File | /spip.php | predictive | Medium |
| 12 | File | /usr/bin/pkexec | predictive | High |
| 13 | File | /zm/index.php | predictive | High |
| 14 | File | adclick.php | predictive | Medium |
| 15 | File | admin.jcomments.php | predictive | High |
| 16 | File | admin/file-manager/attachments | predictive | High |
| 17 | File | application/modules/admin/views/ecommerce/products.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
