Careto Analysis

IOB - Indicator of Behavior (603)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 580
de: 16
fr: 2
pl: 2
it: 2

Country

de: 186
us: 88
es: 10
cn: 2
nl: 2

Product

Microsoft Windows: 14
Google Android: 12
Adobe Magento Commerce: 12
Cisco IOS XE: 10
Linux Kernel: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atlassian Confluence Server/Data Center uncontrolled search path | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.05 | CVE-2021-43940 |
| 2 | Apple macOS Login Window state issue | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.05 | CVE-2021-30702 |
| 3 | Microsoft Windows Active Directory integrated DNS privileges management | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01180 | 0.00 | CVE-2020-0761 |
| 4 | lighttpd mod_alias_physical_handler mod_alias.c path traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00493 | 0.00 | CVE-2018-19052 |
| 5 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845 |
| 6 | Click Studios Passwordstate PIN Generator information disclosure | 4.9 | 4.9 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2020-27747 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.17 | CVE-2017-0055 |
| 8 | WordPress Password Reset wp-login.php mail password recovery | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.06 | CVE-2017-8295 |
| 9 | Rarlab WinRar Recovery Volume array index | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2023-40477 |
| 10 | Ingredients Stock Management System view_item.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2022-36701 |
| 11 | HPE OfficeConnect 1820 improper authentication | 9.1 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.03 | CVE-2022-37932 |
| 12 | Apache Flume JMS Source injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.04 | CVE-2022-34916 |
| 13 | SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.05 | CVE-2022-2706 |
| 14 | TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue buffer overflow | 9.4 | 9.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00216 | 0.00 | CVE-2022-24014 |
| 15 | Download Monitor Plugin wp-config.php access control | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2021-31567 |
| 16 | Questions For Confluence App hard-coded credentials | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97208 | 0.00 | CVE-2022-26138 |
| 17 | Wavlink WL-WN575A3 POST Request obtw command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00373 | 0.00 | CVE-2022-34592 |
| 18 | Google Chrome Chrome OS Shell use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00541 | 0.00 | CVE-2022-2296 |
| 19 | Dice File unrestricted upload | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00298 | 0.00 | CVE-2022-32413 |
| 20 | HMA VPN unquoted search path | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2022-26634 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (195)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

