Camaro Dragon Analysis

IOB - Indicator of Behavior (198)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 106
en: 90
pl: 2

Country

cn: 134
us: 50
gb: 12

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server: 6
Kibana: 4
Envoy: 4
Microsoft Exchange Server: 4
DeDeCMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Kibana TSVB Prototype code injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.04 | CVE-2020-7013 |
| 2 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.03 | CVE-2019-7550 |
| 3 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.60131 | 0.03 | CVE-2019-11248 |
| 4 | Hughes HX200/HX90/HX50L/HN9460/HN7000S cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00113 | 0.00 | CVE-2023-22971 |
| 5 | Git Plugin Build authorization | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.13 | CVE-2022-36883 |
| 6 | Apache HTTP Server HTTP/2 Request request smuggling | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.00 | CVE-2020-9490 |
| 7 | Laravel FileCookieJar.php deserialization | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2022-30779 |
| 8 | Ghost CMS unrestricted upload | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00813 | 0.04 | CVE-2022-28397 |
| 9 | TP-Link WRD4300 Web Interface information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19493 | 0.03 | CVE-2020-35575 |
| 10 | Next.js path traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.06 | CVE-2020-5284 |
| 11 | QNAP Photo Station cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2018-19954 |
| 12 | QNAP Video Station os command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00136 | 0.00 | CVE-2021-28812 |
| 13 | QNAP QTS Photo Station cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2020-2491 |
| 14 | Linksys WVC54GCA/WVC80N snapshot.cgi sub_AE64 information disclosure | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 15 | Kibana TSVB Visualization Stored cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2020-7015 |
| 16 | Hestia Control Panel Domain Name Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.00 | CVE-2021-27231 |
| 17 | codeprojects Farmacia index.php sql injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.07 | CVE-2023-5471 |
| 18 | phpMyAdmin Error Reporting Page File php weakness | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00159 | 0.00 | CVE-2014-8961 |
| 19 | Apache Struts ParametersInterceptor getClass denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97093 | 0.04 | CVE-2014-0094 |
| 20 | ThinkPHP deserialization | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00177 | 0.04 | CVE-2022-45982 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

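| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.188.33.190 | helenacarlson.lp | Camaro Dragon | | 06/02/2023 | verified | High |
| 2 | XX.XXX.XXX.XX | | Xxxxxx Xxxxxx | | 06/02/2023 | verified | High |
| 3 | XXX.XXX.XXX.XX | | Xxxxxx Xxxxxx | | 06/02/2023 | verified | High |
| 4 | XXX.XXX.XX.XXX | | Xxxxxx Xxxxxx | | 06/02/2023 | verified | High |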

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /app1/admin#foo | predictive | High |
| 2 | File | /cgi-bin/go | predictive | Medium |
| 3 | File | /config/server.xml | predictive | High |
| 4 | File | /coreframe/app/guestbook/myissue.php | predictive | High |
| 5 | File | /data/config.ftp.php | predictive | High |
| 6 | File | /debug/pprof | predictive | Medium |
| 7 | File | /include/helpers/upload.helper.php | predictive | High |
| 8 | File | /info.xml | predictive | Medium |
| 9 | File | /Items/*/RemoteImages/Download | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
