Ballistic Bobcat Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 144
es: 6
ru: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 6
Dataease: 6
Apple macOS: 4
Trendnet AC2600 TEW-827DRU: 2
Lantronix PremierWave: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.30 | CVE-2020-12440 |
| 2 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.90370 | 0.08 | CVE-2020-35489 |
| 3 | convert-svg-core SVG File code injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02350 | 0.00 | CVE-2022-25759 |
| 4 | AdminLTE index2.html path traversal | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00554 | 0.30 | CVE-2021-36471 |
| 5 | Softwin WMX3 ImageAdd.ashx ImageAdd unrestricted upload | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00044 | 0.06 | CVE-2025-2702 |
| 6 | Four-Faith F3x24/F3x36 apply.cgi os command injection | 7.2 | 7.2 | $0-$5k | $0-$5k | High | Not defined | expected | 0.79088 | 0.00 | CVE-2024-12856 |
| 7 | Campcodes Complete Online Student Management System units_view.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00092 | 0.00 | CVE-2024-3528 |
| 8 | greenpau caddy-security Header authentication spoofing | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00020 | 0.05 | CVE-2024-21494 |
| 9 | KiTTY stack-based overflow | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00485 | 0.05 | CVE-2024-25003 |
| 10 | Progress Telerik Test Studio Applications Installer privileges management | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00103 | 0.00 | CVE-2024-0833 |
| 11 | Campcodes Online College Library System HTTP POST Request borrow_add.php sql injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00033 | 0.00 | CVE-2023-7175 |
| 12 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00857 | 0.00 | CVE-2021-27182 |
| 13 | UnrealIRCd input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not defined | possible | 0.61325 | 0.06 | CVE-2010-2075 |
| 14 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.02926 | 0.06 | CVE-2023-36434 |
| 15 | Royal Elementor Addons Plugin data_fetch cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00371 | 0.00 | CVE-2022-4710 |
| 16 | node-jsonwebtoken jwt.verify input validation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.07 | CVE-2022-23529 |
| 17 | Apple macOS AMD out-of-bounds write | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00049 | 0.00 | CVE-2022-42847 |
| 18 | Mitsubishi Electric GX Works3 hard-coded password | 5.6 | 5.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00307 | 0.02 | CVE-2022-29825 |
| 19 | Tribal Systems Zenario CMS Profile cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00084 | 0.00 | CVE-2022-44071 |
| 20 | HotelDruid gestione_utenti.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00291 | 0.00 | CVE-2018-1000871 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/pic/admin/pic/hy | predictive | High |
| 2 | File | /admin.php/user/level_del | predictive | High |
| 3 | File | /admin/borrow_add.php | predictive | High |
| 4 | File | /admin/general.cgi | predictive | High |
| 5 | File | /admin/index2.html | predictive | High |
| 6 | File | /api/plugin/uninstall | predictive | High |
| 7 | File | /api/plugin/upload | predictive | High |
| 8 | File | /api/v2/cli/commands | predictive | High |
