Carrotbat Analysis

IOB - Indicator of Behavior (57)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 44
  • zh: 12
  • de: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

  • cn: 34
  • us: 24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Product

  • MediaWiki: 6
  • OpenSSH: 2
  • SAP GUI: 2
  • McAfee Endpoint Product Removal Tool: 2
  • Muhammad A. Muquit wwwcount: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Cisco Secure Access Control System EAP-FAST Authentication Module improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2013-3466
3 | Dell SonicWALL GMS/ViewPoint/UMA Authentication improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97209 | 0.00 | CVE-2013-1359
4 | adminlte cookie httponly flag | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.04 | CVE-2021-3706
5 | PRTG Network Monitor login.htm information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.05 | CVE-2020-11547
6 | SAP NetWeaver Application Server for ABAP SICF Service abap denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-40495
7 | SAP NetWeaver Application Server Java JMS Connector Service improper authorization | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2021-37535
8 | SAP NetWeaver Application Server ABAP SAP GUI for HTML HTML injection | 3.5 | 3.5 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2021-33665
9 | SAP GUI information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-40503
10 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97479 | 0.05 | CVE-2022-1388
11 | SalesAgility SuiteCRM Scheduled Reports deserialization | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00291 | 0.02 | CVE-2022-23940
12 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2021-29099
13 | MediaWiki CentralAuth Extension improper authentication | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00404 | 0.00 | CVE-2021-36128
14 | MediaWiki access control | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.05 | CVE-2021-44857
15 | MediaWiki Private Wiki information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.03 | CVE-2021-45038
16 | MediaWiki Testwiki SecurePoll information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-46148
17 | MediaWiki EntitySchema Item access control | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.00 | CVE-2021-45471
18 | Com User access control | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09881 | 0.02 | CVE-2008-3681
19 | Parallels Plesk Request php input validation | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.97363 | 0.05 | CVE-2012-1823
20 | Ivanti Pulse Connect Secure Administrator Web Interface unrestricted upload | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2021-22937

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Fractured Block

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | Carrotbat | Fractured Block | 12/22/2020 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /mgmt/tm/util/bash | predictive | High
2 | File | /phppath/php | predictive | Medium
3 | File | /sap/public/bc/abap | predictive | High
4 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High
5 | File | xxxx-xxxx.x | predictive | Medium
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
8 | File | xxxx\xx_xx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxx_xxxxx_xxxxx.x | predictive | High
13 | Argument | xxxxx_xxxxxxxxxx | predictive | High
14 | Argument | xx | predictive | Low
15 | Argument | xxx | predictive | Low
16 | Argument | xxxxxxxxxxxxxxxx | predictive | High
17 | Argument | xxxx_xx | predictive | Low
18 | Argument | xxxx | predictive | Low
19 | Input Value | xxxxxx | predictive | Low
20 | Input Value | xxx.xxx[xxxxx] | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
