CrackedCantil Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (255)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en228
ru16
es12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us122
de66
ru6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

CrackedCantil7
Stealc6
RedLine Stealer5
Amadey5
RisePro4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined86
Forum Software12
Content Management System12
Operating System8
Web Browser8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined62
Google10
Microsoft6
IBM6
Esoftpro4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android6
Esoftpro Online Guestbook Pro4
ecryptfs-utils4
Samba4
Google Chrome4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Indexu suggest_category.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.54
2Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.38
3Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption8.38.2$25k-$100k$0-$5kHighOfficial Fix0.966680.08CVE-2023-4966
4TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.0107510.00CVE-2006-6168
5LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.84
6SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001320.54CVE-2022-28959
7PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.50CVE-2007-0529
8SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection7.06.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.001710.04CVE-2023-1503
9PHP Scripts Mall Multi Language Olx Clone Script cross site scripting5.24.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001150.02CVE-2018-6845
10System Dashboard Plugin sd_option_value authorization4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000510.00CVE-2023-5713
11DZCP Witze Addon index.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002610.04CVE-2012-5000
12TOTOLINK A860R downloadFile.cgi command injection7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.448620.04CVE-2022-40475
13Corel ActiveCGM Browser ActiveX Control acgm.dll memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.049280.05CVE-2007-2921
14IBM Tivoli Directory Server Web Administration Tool information disclosure7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002770.00CVE-2015-1977
15Storytlr cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001930.00CVE-2014-100038
16Big Webmaster Big Webmaster Guestbook Script addguest.cgi cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.006150.04CVE-2006-2231
17PHPGurukul User Registration & Login and User Management System bwdates-report-result.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000430.05CVE-2024-28323
18Dreaxteam Xt-News show_news.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.002020.00CVE-2006-6747
19D-Link DNS-320 system_mgr.cgi command injection8.08.0$5k-$25k$0-$5kHighNot Defined0.973940.00CVE-2020-25506
20Bitrix24 tools.php initialization7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.027540.05CVE-2023-1719

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.42.64.41CrackedCantil02/01/2024verifiedHigh
213.32.121.85server-13-32-121-85.fra60.r.cloudfront.netCrackedCantil02/01/2024verifiedHigh
318.66.142.79server-18-66-142-79.fra60.r.cloudfront.netCrackedCantil02/01/2024verifiedHigh
4XX.XX.XXX.XXXXxxxxxxxxxxxx02/01/2024verifiedHigh
5XXX.XX.XX.XXXXxxxxxxxxxxxx02/01/2024verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxxxx02/01/2024verifiedHigh
7XXX.X.XX.XXXxxxxxx.xxx.xx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxxxxxxx02/01/2024verifiedHigh
8XXX.XXX.XXX.XXXxxxxxxxxxxxx02/01/2024verifiedHigh
9XXX.XXX.X.XXXxxxxxxxxxxxx02/01/2024verifiedHigh
10XXX.XXX.XX.XXXXxxxxxxxxxxxx02/01/2024verifiedHigh
11XXX.XXX.XX.XXxxxxxxxxxxxx02/01/2024verifiedHigh
12XXX.XXX.XXX.XXXxxxxxxxxxxxx02/01/2024verifiedHigh
13XXX.XX.XX.XXXxxxxxxxxxxxx02/01/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/advanced-tools/nova/bin/netwatchpredictiveHigh
3File/cgi-bin/downloadFile.cgipredictiveHigh
4File/cgi-bin/system_mgr.cgipredictiveHigh
5File/client/campaign_track.phppredictiveHigh
6File/forum/away.phppredictiveHigh
7File/oauth/idp/.well-known/openid-configurationpredictiveHigh
8File/spip.phppredictiveMedium
9File/userLogin.asppredictiveHigh
10Filead.cgipredictiveLow
11Fileaddguest.cgipredictiveMedium
12Fileadmin/addProxyConnector_commit.actionpredictiveHigh
13Fileadmin/admin_index.phppredictiveHigh
14Fileaff_news.phppredictiveMedium
15Fileallmanageup.plpredictiveHigh
16Fileamadmin.plpredictiveMedium
17Filexxx-xx-xxx/xxx_xxx/xxx_xxxx.xpredictiveHigh
18Filexxxxxxx.xxxxxxxx.xxxpredictiveHigh
19Filexxxxxxx.xxxxxxxx.xxxpredictiveHigh
20Filexxxxxxx.xxxxx.xxxpredictiveHigh
21Filexxxxxxx.xxxxxxxxx.xxxpredictiveHigh
22Filexxxxxxxxxxxxx.xxpredictiveHigh
23Filexxxxxxx.xxxpredictiveMedium
24Filexxx_xxxxx.xxxpredictiveHigh
25Filexxxxxx/xxxxxxx/xxxx/xxxxxxx/xxxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
26Filexxxxxx/xxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
27Filexxx_xxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxx-xxxxxx-xxxxxx.xxxpredictiveHigh
29Filexxxxxx_xxxx.xxxpredictiveHigh
30Filexxxx_xxxx.xxxpredictiveHigh
31Filexxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxx.xxxpredictiveHigh
33Filexxxx.xxxpredictiveMedium
34Filexxxxxxx_xxxxx.xxxpredictiveHigh
35Filexxxxxxx.xxxpredictiveMedium
36Filexxxxxx.xxxpredictiveMedium
37Filexxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.xpredictiveHigh
38Filexxxxxxx/xxxxx/xxxxx/xxxxxx-xxx.xpredictiveHigh
39Filexxxxxxx.xxpredictiveMedium
40Filexxxxxxxx-xxxxx-xxx-xxxxxxx.xxpredictiveHigh
41Filexxxxxxx-xxxxxxx.xxxxpredictiveHigh
42Filexxxxx.xxxpredictiveMedium
43Filexxxxxxxx.xxxpredictiveMedium
44Filexxxxxxx/xxxx.xxxpredictiveHigh
45Filexxxxxxx.xxx_predictiveMedium
46Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
47Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
48Filexxxxx.xxxxpredictiveMedium
49Filexxxxx.xxxpredictiveMedium
50Filexxxxxxxx.xxxpredictiveMedium
51Filexxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
52Filexxxxx/xxxxx.xxxpredictiveHigh
53Filexxxxxxx.xxxpredictiveMedium
54Filexxxxxxxx.xxxpredictiveMedium
55Filexxxxxxx.xxxpredictiveMedium
56Filexxx/xxxxxxxxxxx.xxpredictiveHigh
57Filexxxxxxxx.xxpredictiveMedium
58Filexxxxxx.xxxpredictiveMedium
59Filexxxxxxxxxx.xxxpredictiveHigh
60Filexxxxxx/xxxxxx:xxxxxxxxxxxxxxxxxpredictiveHigh
61Filexxx-xxxxxxxx.xxpredictiveHigh
62Filexxx_xxxx.xxxpredictiveMedium
63Filexxxxxx_xxxxxx/xxxxxxx/xxx.xxx.xxxx.xxxxxx.xxxxxxx.xxxxxxxxxxx.xxxpredictiveHigh
64Filexxxxxxxx.xxxpredictiveMedium
65Filexxxxx.xxxpredictiveMedium
66Filexxxxxxx.xxxpredictiveMedium
67Filexxxxxxxxxx.xxxpredictiveHigh
68Filexxxxxxxx.xxxpredictiveMedium
69Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
70Filexxxx_xxxxxxxx.xxxpredictiveHigh
71Filexxxx_xxxxxx.xxxpredictiveHigh
72Filexxxx/xxxxx/xxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
73Filexxxx/xxxxx/xxxx_xxxxxx_xxxx.xxxpredictiveHigh
74Filexxxx/xxxxxxx.xxxpredictiveHigh
75Filexxxx_xxxxxxxx.xxx/xxxx_xxxx.xxxpredictiveHigh
76Filexxxx_xxxx.xxxpredictiveHigh
77Filexxxxx.xxxpredictiveMedium
78Filexxxxxxxx.xxxpredictiveMedium
79Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
80Filexxxxxxx_xxxxxxxx.xxxpredictiveHigh
81Filexxxxxxxxx.xxxpredictiveHigh
82Filexxxx-xxxxxxxx.xxxpredictiveHigh
83Filexxxxxxxxxx.xxxpredictiveHigh
84Filexxx-xxxxx.xxxpredictiveHigh
85Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
86Filexx-xxxxx/xxxx.xxxpredictiveHigh
87Filexxxxx_xxx/xxxxxxx/xxxxxxxxx/xxxx.xxxpredictiveHigh
88Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
89Libraryxxxx.xxxpredictiveMedium
90Libraryxxx-xx-xxx/xxx_xxx/xxx_xxxx.xpredictiveHigh
91Libraryxxxxxxx.xxxpredictiveMedium
92Argumentxxx_xxxxpredictiveMedium
93ArgumentxxxxxxxxxpredictiveMedium
94ArgumentxxxxxpredictiveLow
95ArgumentxxxxxxxpredictiveLow
96ArgumentxxxpredictiveLow
97Argumentxxxx_xxxxpredictiveMedium
98Argumentxxxxxxxx/xxxxxxpredictiveHigh
99ArgumentxxxxxxxpredictiveLow
100ArgumentxxxxxxxxxxpredictiveMedium
101ArgumentxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
102ArgumentxxxxxpredictiveLow
103ArgumentxxxpredictiveLow
104ArgumentxxxxxxxxpredictiveMedium
105ArgumentxxpredictiveLow
106ArgumentxxxxxxxpredictiveLow
107ArgumentxxxxxpredictiveLow
108ArgumentxxxxxxxxpredictiveMedium
109ArgumentxxxxxpredictiveLow
110Argumentxxxxx_xxxpredictiveMedium
111ArgumentxxxxpredictiveLow
112ArgumentxxxxxpredictiveLow
113Argumentxxxxxxxxx_xxxxxxxxxxxxxxpredictiveHigh
114ArgumentxxpredictiveLow
115Argumentxx_xxxxpredictiveLow
116ArgumentxxxxxxxxxxxxpredictiveMedium
117ArgumentxxxxxxxxxxxxpredictiveMedium
118ArgumentxxxxpredictiveLow
119ArgumentxxxxxxxpredictiveLow
120ArgumentxxxxpredictiveLow
121ArgumentxxxxpredictiveLow
122ArgumentxxxxxpredictiveLow
123ArgumentxxxxxxpredictiveLow
124ArgumentxxxxxxpredictiveLow
125Argumentxxxx_xxxxpredictiveMedium
126ArgumentxxxxxxpredictiveLow
127ArgumentxxxxxxxxxpredictiveMedium
128ArgumentxxxxxpredictiveLow
129ArgumentxxxpredictiveLow
130ArgumentxxxxxpredictiveLow
131ArgumentxxxxpredictiveLow
132Argumentxxxx/xxxx/xxxpredictiveHigh
133ArgumentxxxxxxxxpredictiveMedium
134Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
135Argumentxxxxxxxxxxx[xxxxxxxx]predictiveHigh
136Argumentxx-xxxxxx_xxxxpredictiveHigh
137Input Valuexxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+predictiveHigh
138Input Value<xxxxxxxx>\xpredictiveMedium
139Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh
140Network Portxxxx xxxxpredictiveMedium
141Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!