Carderbee Analysis

IOB - Indicator of Behavior (62)

Language

en: 46
zh: 14
de: 2

Product

Microsoft Windows: 4
Triton CMS Pro: 2
360 Router P0: 2
360 Router F5C: 2
LogicBoard CMS: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Countermeasure | KEV | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.30 | CVE-2010-0966
3 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.00 |
4 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00373 | 0.07 | CVE-2009-0296
5 | Invision Power Services IP.Board index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Workaround | possible | 0.00254 | 0.00 | CVE-2014-5106
6 | ggerganov llama.cpp rpc_tensor write-what-where condition | 9.9 | 9.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00242 | 0.00 | CVE-2024-42479
7 | Apple iOS/iPadOS File integer overflow | 5.9 | 5.8 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00072 | 0.00 | CVE-2024-40784
8 | Pioneer DMH-WT7600NEX Telematics path traversal | 5.4 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00047 | 0.00 | CVE-2024-23929
9 | code-projects Online Bus Reservation Site register.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00189 | 0.08 | CVE-2024-7311
10 | Google Android Health Data permission | 6.8 | 6.8 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00013 | 0.04 | CVE-2024-23706
11 | Jenkins MultipartFormDataParser permission | 6.8 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00214 | 0.00 | CVE-2023-43498
12 | WarHound Walking Club Login login.aspx sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00341 | 0.02 | CVE-2009-0281
13 | Linux Kernel Flower Classifier cls_flower.c fl_set_geneve_opt out-of-bounds write | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00062 | 0.00 | CVE-2023-35788
14 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.03976 | 0.04 | CVE-2023-23415
15 | Red Hat WildFly Blacklist Filter File information disclosure | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.24830 | 0.02 | CVE-2016-0793
16 | Synology DiskStation Manager Webapi path traversal | 6.4 | 6.4 | $0-$5k | Calculating | Not defined | Official fix | | 0.00595 | 0.02 | CVE-2022-27610
17 | ONLYOFFICE Document Server JWT upload pathname traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.06758 | 0.03 | CVE-2021-3199
18 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | | 0.00000 | 0.00 |
19 | Microsoft SQL Server privilege escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.00159 | 0.03 | CVE-2022-23276
20 | Citrix StoreFront SAML Authentication cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00405 | 0.06 | CVE-2022-27503

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.76.179.209 | 45.76.179.209.vultrusercontent.com | Carderbee | | 08/29/2023 | verified | Medium
2 | XXX.XXX.XX.XXX | | xxxxxxxxx | | 08/29/2023 | verified | High
3 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | 08/29/2023 | verified | Medium
4 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 08/29/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | predictive | High
2 | File | /checkLogin.cgi | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /Items/*/RemoteImages/Download | predictive | High
5 | File | /upload | predictive | Low
6 | File | xxxxx/xxxxx.xxx | predictive | High
7 | File | xxxxxxx.xxx | predictive | Medium
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxx/xxxxxx.xxx | predictive | High
10 | File | xxxxxxx/xxxxxxx.xxx.xxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxx.xxxxxxx.xxx | predictive | High
14 | File | xxxx_xxxx.xxx | predictive | High
15 | File | xxxxx.xxxx | predictive | Medium
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxx/xxxxx/xxx_xxxxxx.x | predictive | High
18 | File | xxx-xxx.xxxx.xx | predictive | High
19 | File | xxxx.xxx | predictive | Medium
20 | File | xxxxxxxx.xxx | predictive | Medium
21 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
24 | File | xxxxxxxx-xxxxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxx/xxxxxxxx-xxxx | predictive | High
26 | File | xxxxxxx.xxx | predictive | Medium
27 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
28 | Argument | xxxxxxxx | predictive | Medium
29 | Argument | xxx | predictive | Low
30 | Argument | xxx_xx | predictive | Low
31 | Argument | xxxx_xx | predictive | Low
32 | Argument | xxxxx | predictive | Low
33 | Argument | xx | predictive | Low
34 | Argument | xx | predictive | Low
35 | Argument | xxxxxxxx | predictive | Medium
36 | Argument | xxxx_xx | predictive | Low
37 | Argument | xxxxxxx | predictive | Low
38 | Argument | xxxxxxx | predictive | Low
39 | Input Value | x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx=" | predictive | High
40 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High
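As an added example, not part of this page or of any vendor tooling, the following Python scanner runs the unmasked entries from the IOC table (one IP and its hostname) and the IOA table (the five visible file fragments) over web-server access logs in combined format. The log lines are constructed for the demonstration, the reverse-DNS map passed to scan() is an assumption about what you would build beforehand, and the escalation rule is an editorial suggestion: the page's own confidence ratings are carried through so that the generic /upload fragment, rated Low above, never escalates a source on its own. The IOA entries are predictive, so a hit is a lead for triage, not proof of Carderbee activity.

```python
import re
from dataclasses import dataclass

# Unmasked indicators copied from the IOC and IOA tables on this page.
IOC_IPS = {"45.76.179.209"}
IOC_HOSTNAMES = {"45.76.179.209.vultrusercontent.com"}
# Predictive IOA file fragments with the page's own confidence rating;
# "/upload" is rated Low because it is far too generic on its own.
IOA_FILES = {
    "/cgi-bin/user/Config.cgi": "High",
    "/checkLogin.cgi": "High",
    "/forum/away.php": "High",
    "/Items/*/RemoteImages/Download": "High",
    "/upload": "Low",
}

# Combined log format (Apache/nginx default). Assumption: logs look like this.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def ioa_pattern(fragment: str) -> re.Pattern:
    """Compile a page fragment to a regex anchored at the start of the
    request path. '*' matches exactly one path segment, and the fragment
    must end at end-of-path, '/' or '?', so '/upload' does not hit
    '/uploads/avatar.png'."""
    parts = [re.escape(p) for p in fragment.split("*")]
    return re.compile("^" + "[^/?]+".join(parts) + r"(?=$|[/?])")


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reason: str
    confidence: str


def scan(lines, resolved_hosts=None):
    """Return one Hit per (line, indicator) match. resolved_hosts is an
    optional {ip: reverse-DNS name} map (assumption: built beforehand)
    so the hostname IOC can fire even if the IP itself changes."""
    resolved_hosts = resolved_hosts or {}
    compiled = [(frag, ioa_pattern(frag), conf) for frag, conf in IOA_FILES.items()]
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        ip, path = m["ip"], m["path"]
        if ip in IOC_IPS or resolved_hosts.get(ip) in IOC_HOSTNAMES:
            # Medium is the page's confidence for the unmasked IOC row.
            hits.append(Hit(n, ip, path, f"IOC source {ip}", "Medium"))
        for frag, pat, conf in compiled:
            if pat.match(path):
                hits.append(Hit(n, ip, path, f"IOA path {frag}", conf))
    return hits


def escalate(hits):
    """Source IPs worth an analyst's time: any IOC match, or at least one
    High-confidence IOA match. Low-only sources (e.g. a lone POST /upload)
    stay in the noise."""
    return sorted({h.ip for h in hits if h.confidence != "Low"})


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real observations.
SAMPLE_LOG = """\
45.76.179.209 - - [29/Aug/2023:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [29/Aug/2023:10:15:30 +0000] "GET /cgi-bin/user/Config.cgi HTTP/1.1" 404 153
203.0.113.7 - - [29/Aug/2023:10:15:31 +0000] "GET /Items/42/RemoteImages/Download?x=1 HTTP/1.1" 200 9001
198.51.100.9 - - [29/Aug/2023:10:16:00 +0000] "GET /uploads/avatar.png HTTP/1.1" 200 4321
198.51.100.9 - - [29/Aug/2023:10:16:05 +0000] "POST /upload HTTP/1.1" 201 20
""".splitlines()

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.ip} {h.path} -> {h.reason} [{h.confidence}]")
    print("escalate:", escalate(found))
```

Against the constructed log the scanner flags lines 1, 2, 3 and 5 and escalates only 45.76.179.209 (IOC) and 203.0.113.7 (two High IOA paths); 198.51.100.9 touched /upload once, and the 404 on Config.cgi is still reported because a probe that fails is still reconnaissance. When you run this for real, resolve source IPs to hostnames ahead of time rather than inside the scan loop, and treat the masked rows above as indicators you do not have rather than as wildcards.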
