Carrotbat Analysis

IOB - Indicator of Behavior (57)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 34
  • zh: 24


Country

  • cn: 46
  • us: 12



Product

  • MediaWiki: 4
  • Moodle: 4
  • Microsoft Office: 2
  • FileZilla Server: 2
  • SAP NetWeaver Application Server ABAP: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | Cisco Secure Access Control System EAP-FAST Authentication Module improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01136 | CVE-2013-3466 |
| 3 | Dell SonicWALL GMS/ViewPoint/UMA Authentication improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.85322 | CVE-2013-1359 |
| 4 | adminlte cookie httponly flag | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-3706 |
| 5 | PRTG Network Monitor login.htm information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.08592 | CVE-2020-11547 |
| 6 | SAP NetWeaver Application Server for ABAP SICF Service abap denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-40495 |
| 7 | SAP NetWeaver Application Server Java JMS Connector Service improper authorization | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-37535 |
| 8 | SAP NetWeaver Application Server ABAP SAP GUI for HTML cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-33665 |
| 9 | SAP GUI information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-40503 |
| 10 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.91244 | CVE-2022-1388 |
| 11 | SalesAgility SuiteCRM Scheduled Reports deserialization | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.23850 | CVE-2022-23940 |
| 12 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-29099 |
| 13 | MediaWiki CentralAuth Extension improper authentication | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2021-36128 |
| 14 | MediaWiki access control | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-44857 |
| 15 | MediaWiki Private Wiki information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-45038 |
| 16 | MediaWiki Testwiki SecurePoll information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00890 | CVE-2021-46148 |
| 17 | MediaWiki EntitySchema Item access control | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01018 | CVE-2021-45471 |
| 18 | Com User access control | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.06790 | CVE-2008-3681 |
| 19 | Parallels Plesk Request php input validation | 6.5 | 5.9 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.92683 | CVE-2012-1823 |
| 20 | Ivanti Pulse Connect Secure Administrator Web Interface unrestricted upload | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-22937 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Fractured Block

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | Carrotbat | Fractured Block | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /mgmt/tm/util/bash | predictive | High |
| 2 | File | /phppath/php | predictive | Medium |
| 3 | File | /sap/public/bc/abap | predictive | High |
