Carrotbat Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (57)

Sprache

en	44
zh	14

Land

cn	32
us	26

Akteure

Carrotbat	1

Interesse

Typ

Not Defined	18
Content Management System	8
Firewall Software	4
Programming Language Software	4
Database Software	2

Hersteller

Not Defined	20
SAP	4
Oracle	2
Dell	2
Thomas R. Pasawicz	2

Produkt

MediaWiki	6
Oracle Database Server	2
Moodle	2
Dell SonicWALL GMS	2
Dell ViewPoint	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Cisco Secure Access Control System EAP-FAST Authentication Module schwache Authentisierung	9.8	9.4	$5k-$25k	Wird berechnet	Not Defined	Official Fix	0.00	0.00503	CVE-2013-3466
3	Dell SonicWALL GMS/ViewPoint/UMA Authentication schwache Authentisierung	9.8	9.4	$5k-$25k	$0-$5k	High	Official Fix	0.00	0.97222	CVE-2013-1359
4	adminlte erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00129	CVE-2021-3706
5	PRTG Network Monitor login.htm Information Disclosure	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00110	CVE-2020-11547
6	SAP NetWeaver Application Server for ABAP SICF Service abap Denial of Service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00089	CVE-2021-40495
7	SAP NetWeaver Application Server Java JMS Connector Service erweiterte Rechte	8.6	8.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00226	CVE-2021-37535
8	SAP NetWeaver Application Server ABAP SAP GUI for HTML Cross Site Scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00054	CVE-2021-33665
9	SAP GUI Information Disclosure	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00044	CVE-2021-40503
10	F5 BIG-IP iControl REST Authentication bash schwache Authentisierung	9.8	9.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.97477	CVE-2022-1388
11	SalesAgility SuiteCRM Scheduled Reports erweiterte Rechte	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00291	CVE-2022-23940
12	ArcGIS Server SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00073	CVE-2021-29099
13	MediaWiki CentralAuth Extension schwache Authentisierung	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00404	CVE-2021-36128
14	MediaWiki erweiterte Rechte	4.6	4.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00068	CVE-2021-44857
15	MediaWiki Private Wiki Information Disclosure	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00089	CVE-2021-45038
16	MediaWiki Testwiki SecurePoll Information Disclosure	3.5	3.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00104	CVE-2021-46148
17	MediaWiki EntitySchema Item erweiterte Rechte	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00083	CVE-2021-45471
18	Com User erweiterte Rechte	7.3	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.09881	CVE-2008-3681
19	Parallels Plesk Request php erweiterte Rechte	6.5	5.9	$0-$5k	$0-$5k	High	Official Fix	0.00	0.97411	CVE-2012-1823
20	Ivanti Pulse Connect Secure Administrator Web Interface erweiterte Rechte	4.3	4.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00108	CVE-2021-22937

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Fractured Block

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	61.14.210.72	former-enews-out.businessinsider.org.uk	Carrotbat	Fractured Block	22.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	T1059.007	CWE-79	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/mgmt/tm/util/bash	prädiktiv	High
2	File	/phppath/php	prädiktiv	Medium
3	File	/sap/public/bc/abap	prädiktiv	High
4	File	xxxxxxxxx/xxxxxxxxxxxxx	prädiktiv	High
5	File	xxxx-xxxx.x	prädiktiv	Medium
6	File	xxxxx.xxx	prädiktiv	Medium
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
8	File	xxxx\xx_xx.xxx	prädiktiv	High
9	File	xxxxx.xxx	prädiktiv	Medium
10	File	xxxxx.xxx	prädiktiv	Medium
11	File	xxxxx.xxx	prädiktiv	Medium
12	File	xxx_xxxxx_xxxxx.x	prädiktiv	High
13	Argument	xxxxx_xxxxxxxxxx	prädiktiv	High
14	Argument	xx	prädiktiv	Low
15	Argument	xxx	prädiktiv	Low
16	Argument	xxxxxxxxxxxxxxxx	prädiktiv	High
17	Argument	xxxx_xx	prädiktiv	Low
18	Argument	xxxx	prädiktiv	Low
19	Input Value	xxxxxx	prädiktiv	Low
20	Input Value	xxx.xxx[xxxxx]	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!