Carrotbat Analysis

IOB - Indicator of Behavior (57)

Language

  • en: 32
  • zh: 24
  • de: 2

Country

  • cn: 42
  • us: 16

Product

  • Moodle: 4
  • SAP NetWeaver Application Server ABAP: 2
  • SilverCity: 2
  • Cisco Secure Access Control System: 2
  • ArcGIS Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Cisco Secure Access Control System EAP-FAST Authentication Module weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2013-3466 |
| 3 | Dell SonicWALL GMS/ViewPoint/UMA Authentication weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97222 | 0.00 | CVE-2013-1359 |
| 4 | adminlte privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.04 | CVE-2021-3706 |
| 5 | PRTG Network Monitor login.htm information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.03 | CVE-2020-11547 |
| 6 | SAP NetWeaver Application Server for ABAP SICF Service abap denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-40495 |
| 7 | SAP NetWeaver Application Server Java JMS Connector Service privilege escalation | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2021-37535 |
| 8 | SAP NetWeaver Application Server ABAP SAP GUI for HTML cross site scripting | 3.5 | 3.5 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2021-33665 |
| 9 | SAP GUI information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-40503 |
| 10 | F5 BIG-IP iControl REST Authentication bash weak authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97464 | 0.05 | CVE-2022-1388 |
| 11 | SalesAgility SuiteCRM Scheduled Reports privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00291 | 0.02 | CVE-2022-23940 |
| 12 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.09 | CVE-2021-29099 |
| 13 | MediaWiki CentralAuth Extension weak authentication | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00404 | 0.00 | CVE-2021-36128 |
| 14 | MediaWiki privilege escalation | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2021-44857 |
| 15 | MediaWiki Private Wiki information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.03 | CVE-2021-45038 |
| 16 | MediaWiki Testwiki SecurePoll information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-46148 |
| 17 | MediaWiki EntitySchema Item privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.00 | CVE-2021-45471 |
| 18 | Com User privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09881 | 0.02 | CVE-2008-3681 |
| 19 | Parallels Plesk Request php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | High | Official Fix | 0.97363 | 0.00 | CVE-2012-1823 |
| 20 | Ivanti Pulse Connect Secure Administrator Web Interface privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2021-22937 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Fractured Block

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | Carrotbat | Fractured Block | 22/12/2020 | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /mgmt/tm/util/bash | predictive | High |
| 2 | File | /phppath/php | predictive | Medium |
| 3 | File | /sap/public/bc/abap | predictive | High |
| 4 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High |
| 5 | File | xxxx-xxxx.x | predictive | Medium |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxx\xx_xx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxx_xxxxx_xxxxx.x | predictive | High |
| 13 | Argument | xxxxx_xxxxxxxxxx | predictive | High |
| 14 | Argument | xx | predictive | Low |
| 15 | Argument | xxx | predictive | Low |
| 16 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xxxx | predictive | Low |
| 19 | Input Value | xxxxxx | predictive | Low |
| 20 | Input Value | xxx.xxx[xxxxx] | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
