Carderbee Analysis

IOB - Indicator of Behavior (57)

Timeline

Language

en: 50
zh: 6
de: 2

Country / Region

cn: 30
us: 20
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

DeDeCMS (2)
DZCP deV!L`z Clanportal (2)
Paessler PRTG Network Monitor (2)
Triton CMS Pro (2)
Jellyfin (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.42 | CVE-2010-0966
3 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | 
4 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
5 | Invision Power Services IP.Board index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Workaround | 0.00192 | 0.04 | CVE-2014-5106
6 | Jenkins MultipartFormDataParser privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.02 | CVE-2023-43498
7 | WarHound Walking Club Login login.aspx SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2009-0281
8 | Linux Kernel Flower Classifier cls_flower.c fl_set_geneve_opt memory corruption | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2023-35788
9 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02818 | 0.03 | CVE-2023-23415
10 | Red Hat WildFly Blacklist Filter File information disclosure | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09817 | 0.04 | CVE-2016-0793
11 | Synology DiskStation Manager Webapi directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2022-27610
12 | ONLYOFFICE Document Server JWT upload directory traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02823 | 0.04 | CVE-2021-3199
13 | Juniper Web Device Manager Authentication weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | 
14 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2022-23276
15 | Citrix StoreFront SAML Authentication cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2022-27503
16 | McAfee Agent Deployment cleanup.exe privilege escalation | 8.1 | 7.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00051 | 0.00 | CVE-2021-31854
17 | DedeCMS login.php Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00863 | 0.00 | CVE-2022-35516
18 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.06 | CVE-2018-6910
19 | Triton CMS Pro SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.00 | CVE-2008-3153
20 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.00 | CVE-2022-36883

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 45.76.179.209 | 45.76.179.209.vultrusercontent.com | Carderbee | | 2023-08-29 | | verified

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | | predictive
2 | File | /checkLogin.cgi | | predictive
3 | File | /forum/away.php | | predictive
4 | File | /Items/*/RemoteImages/Download | | predictive
5 | File | /upload | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
