CyberCartel Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh20
en18
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn30
us8
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

CyberCartel3
RisePro1
Rhadamanthys1
BianLian1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Operating System8
Programming Language Software4
WordPress Plugin2
Virtualization Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined18
Danfoss4
HP2
Microsoft2
Citrix2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

HP Tru64 UNIX2
Microsoft Windows2
RVM Plugin2
Danfoss AK-SM800A2
Kubernetes2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Danfoss AK-EM100 os command injection9.39.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2023-25911
2Qualcomm WSA8835 Sectools Fuse Comparison memory corruption8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2023-21671
3Trane Tracer SC/Tracer SC+/Tracer Concierge Code Syntax code injection8.38.3$0-$5k$0-$5kNot DefinedNot Defined0.000900.02CVE-2021-38450
4Danfoss AK-EM100 cross site scripting6.26.2$0-$5k$0-$5kNot DefinedNot Defined0.000460.00CVE-2023-22582
5Danfoss AK-EM100 Login Form sql injection9.09.0$0-$5k$0-$5kNot DefinedNot Defined0.000760.01CVE-2023-22583
6Danfoss AK-SM800A Web Report improper authentication6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.000870.01CVE-2023-25913
7Cisco Linksys Router tmUnblock.cgi privileges management9.89.2$25k-$100k$0-$5kHighWorkaround0.000000.00
8Sierra Wireless ALEOS hard-coded key6.26.2$0-$5k$0-$5kNot DefinedNot Defined0.000480.00CVE-2023-40464
9jeecg-boot Sleep Command SysDictMapper.java sql injection6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001480.04CVE-2023-1741
10jeecg-boot API Documentation improper authentication6.86.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.001480.04CVE-2023-1784
11sox formats_i.c lsx_readbuf heap-based overflow6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000550.03CVE-2023-34432
12FasterXML jackson-databind Deserialize resource consumption5.55.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002330.03CVE-2022-42003
13WebSoft HCM cross site scripting4.44.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.00CVE-2022-46903
14Microsoft Windows Pragmatic General Multicast Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.024130.04CVE-2023-28250
15fastify passport csrf-protection Library cross-site request forgery5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000700.04CVE-2023-29020
16fastify passport fastify session session fixiation7.27.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001110.00CVE-2023-29019
17SourceCodester Task Reminder System manage_user.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.003690.00CVE-2023-2218
18Hibernate Validator Security Manager access control7.27.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000640.05CVE-2017-7536
19Apache DolphinScheduler command injection7.67.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.008930.00CVE-2022-45462
20Atlassian Crowd REST API improper authentication8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001800.05CVE-2022-43782

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1104.156.149.33CyberCartel04/08/2024verifiedHigh
2XXX.XXX.XX.XXxxx-xxx-xx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxx04/08/2024verifiedHigh
3XXX.XX.XX.XXXXxxxxxxxxxx04/08/2024verifiedHigh
4XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxx04/08/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/user/manage_user.phppredictiveHigh
2Fileadmin/login.phppredictiveHigh
3Fileadmin/menu.phppredictiveHigh
4Filexxxxxxx_xxxxxxxxx_xxxx.xxxpredictiveHigh
5Filexxxxxxx/xxxx/xxxxxxx/xxxxxxxx.xpredictiveHigh
6Filexxxxxxx/xxxxxxx.xxxpredictiveHigh
7Filexxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxx_xxxxxx.xxxpredictiveHigh
9Filexxx/xxx/xxxxxxx_x.xpredictiveHigh
10Filexxxxxxxxxxxxx.xxxxpredictiveHigh
11Filexxxxxxxxx.xxxpredictiveHigh
12Argumentxxx_xxxxpredictiveMedium
13Argumentxxxxxxxxxxx/xxxxxxxxxxxxx/xxxx_xxxxx_xxxxpredictiveHigh
14ArgumentxxxxxpredictiveLow
15ArgumentxxpredictiveLow
16ArgumentxxxpredictiveLow
17ArgumentxxxxxxxxxpredictiveMedium
18Argumentxxx_xxxxxx_xxxxxxx_xxxx_xxxxpredictiveHigh
19Argumentxxxx_xxpredictiveLow
20Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!