Carrotbat Analysis

IOB - Indicator of Behavior (57)

Language

en 34
zh 22
fr 2

Country

cn 40
us 18

Product

MediaWiki 6
Parallels Plesk 2
DeDeCMS 2
Cisco Secure Access Control System 2
Muhammad A. Muquit wwwcount 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Cisco Secure Access Control System EAP-FAST Authentication Module weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2013-3466 |
| 3 | Dell SonicWALL GMS/ViewPoint/UMA Authentication weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97209 | 0.00 | CVE-2013-1359 |
| 4 | adminlte privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.04 | CVE-2021-3706 |
| 5 | PRTG Network Monitor login.htm information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.04 | CVE-2020-11547 |
| 6 | SAP NetWeaver Application Server for ABAP SICF Service abap denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-40495 |
| 7 | SAP NetWeaver Application Server Java JMS Connector Service privilege escalation | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2021-37535 |
| 8 | SAP NetWeaver Application Server ABAP SAP GUI for HTML cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2021-33665 |
| 9 | SAP GUI information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-40503 |
| 10 | F5 BIG-IP iControl REST Authentication bash weak authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97479 | 0.00 | CVE-2022-1388 |
| 11 | SalesAgility SuiteCRM Scheduled Reports privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00291 | 0.02 | CVE-2022-23940 |
| 12 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.04 | CVE-2021-29099 |
| 13 | MediaWiki CentralAuth Extension weak authentication | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00404 | 0.00 | CVE-2021-36128 |
| 14 | MediaWiki privilege escalation | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.05 | CVE-2021-44857 |
| 15 | MediaWiki Private Wiki information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.03 | CVE-2021-45038 |
| 16 | MediaWiki Testwiki SecurePoll information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-46148 |
| 17 | MediaWiki EntitySchema Item privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.00 | CVE-2021-45471 |
| 18 | Com User privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09881 | 0.02 | CVE-2008-3681 |
| 19 | Parallels Plesk Request php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.97363 | 0.28 | CVE-2012-1823 |
| 20 | Ivanti Pulse Connect Secure Administrator Web Interface privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2021-22937 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Fractured Block

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | Carrotbat | Fractured Block | 2020-12-22 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /mgmt/tm/util/bash | predictive | High |
| 2 | File | /phppath/php | predictive | Medium |
| 3 | File | /sap/public/bc/abap | predictive | High |
| 4 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High |
| 5 | File | xxxx-xxxx.x | predictive | Medium |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxx\xx_xx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxx_xxxxx_xxxxx.x | predictive | High |
| 13 | Argument | xxxxx_xxxxxxxxxx | predictive | High |
| 14 | Argument | xx | predictive | Low |
| 15 | Argument | xxx | predictive | Low |
| 16 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xxxx | predictive | Low |
| 19 | Input Value | xxxxxx | predictive | Low |
| 20 | Input Value | xxx.xxx[xxxxx] | predictive | High |
