BATLoader Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 598
ru: 316
de: 32
es: 20
fr: 20

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

SPIP: 4
.htaccess Redirect Plugin: 2
SourceCodester Online Flight Booking Management Sy ...: 2
WP Meta SEO Plugin: 2
BuddyPress Docs Plugin: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.18 | CVE-2022-28959
2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.83 |
3 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00147 | 0.03 | CVE-2008-2052
4 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2018-6200
5 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 |
6 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.24 | CVE-2008-5928
7 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.15 |
8 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.03 | CVE-2015-4134
9 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.09 | CVE-2010-2338
10 | Xitex Xitex WebContent M1 redirect.do cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00205 | 0.03 | CVE-2008-1209
11 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.09 | CVE-2007-2046
12 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00310 | 0.03 | CVE-2014-2230
13 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00177 | 0.38 | CVE-2008-0507
14 | Moodle jumpto.php redirect | 6.3 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
15 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.07 | CVE-2019-9915
16 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.05 | CVE-2015-4135
17 | OpenTrade Message DOM-Based cross site scripting | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2020-6847
18 | SPIP spip_login.php3 cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00587 | 0.00 | CVE-2005-4494
19 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.05 | CVE-2017-12138

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.146.23.112 | | BATLoader | | 04/02/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /modules/profile/index.php | predictive | High
4 | File | /out.php | predictive | Medium
5 | File | /spip.php | predictive | Medium
6 | File | adclick.php | predictive | Medium
7 | File | add_comment.php | predictive | High
8 | File | admin/index.php | predictive | High
9 | File | aleksis/core/util/auth_helpers.py | predictive | High
