BattleRoyal Analysis

IOB - Indicator of Behavior (258)

Language

  • en (216)
  • zh (12)
  • ja (12)
  • ru (6)
  • es (4)

Product

  • Qualcomm Snapdragon Auto (8)
  • Qualcomm Snapdragon Consumer IOT (8)
  • Qualcomm Snapdragon Industrial IOT (8)
  • Qualcomm Snapdragon Mobile (8)
  • Microsoft Windows (6)

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | CVSS Base | CVSS Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00382 | 0.02 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00751 | 0.00 | CVE-2021-3056 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.07570 | 0.02 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01256 | 0.00 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00033 | 0.02 | CVE-2024-1406 |
| 6 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.85865 | 0.05 | CVE-2019-10232 |
| 7 | Sophos Firewall User Portal/Webadmin improper authentication | 9.0 | 9.0 | $0-$5k | $0-$5k | Attacked | Not defined | verified | 0.94439 | 0.05 | CVE-2022-1040 |
| 8 | CutePHP CuteNews index.php unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.71601 | 0.02 | CVE-2019-11447 |
| 9 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00741 | 0.00 | CVE-2022-21663 |
| 10 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | Attacked | Official fix | verified | 0.91618 | 0.03 | CVE-2022-26923 |
| 11 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official fix | possible | 0.51069 | 0.02 | CVE-2017-13067 |
| 12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.15547 | 0.05 | CVE-2014-4078 |
| 13 | Linux Kernel netfilter nf_reject_ip6_tcphdr_put uninitialized resource | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00314 | 0.03 | CVE-2024-47685 |
| 14 | Liferay Portal Command absolute path traversal | 8.4 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.58066 | 0.04 | CVE-2021-33990 |
| 15 | MZ Automation LibIEC61850 MMS Client stack-based overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00127 | 0.02 | CVE-2024-45970 |
| 16 | Pureftpd pure-FTPd path traversal | 5.1 | 5.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00028 | 0.04 | CVE-2011-3171 |
| 17 | WP Maps Plugin sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00296 | 0.05 | CVE-2024-2386 |
| 18 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Attacked | Official fix | expected | 0.85461 | 0.00 | CVE-2016-6195 |
| 19 | Bitrix24 tools.php initialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.90353 | 0.05 | CVE-2023-1719 |
| 20 | DokuWiki Media Manager unrestricted upload | 6.2 | 6.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00042 | 0.06 | CVE-2024-33103 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkGate

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.181.159.29 | no-rdns.mivocloud.com | BattleRoyal | DarkGate | 12/23/2023 | verified | Medium |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (103)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /brand.php | predictive | Medium |
| 4 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 5 | File | /php/ping.php | predictive | High |
| 6 | File | /rapi/read_url | predictive | High |
| 7 | File | /scripts/unlock_tasks.php | predictive | High |
| 8 | File | /SysInfo1.htm | predictive | High |
| 9 | File | /sysinfo_json.cgi | predictive | High |
| 10 | File | /system/dictData/loadDictItem | predictive | High |
| 11 | File | /system/user/modules/mod_users/controller.php | predictive | High |

References (2)
