Bobik Analysis

IOB - Indicator of Behavior (188)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 182
pt: 2
zh: 2
es: 2

Country

de: 18
us: 14
pt: 2
es: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Qualcomm QCA6574AU: 6
Qualcomm QCA6696: 6
Qualcomm SA6145P: 6
Qualcomm SA6150P: 6
Qualcomm SA6155P: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WPC Composite Products for WooCommerce Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-2838 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.20 | CVE-2020-15906 |
| 3 | LizardByte Sunshine Device Pairing session fixation | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.06 | CVE-2024-31221 |
| 4 | Vinchin Backup & Recovery syncNtpTime Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00163 | 0.02 | CVE-2024-22899 |
| 5 | Jan De Graaff Com Simpleboard File Upload image_upload.php input validation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02435 | 0.03 | CVE-2008-6814 |
| 6 | Totolink AC1200 HTTP Request boa formMultiAP stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.20 | CVE-2024-34196 |
| 7 | OpenHarmony Pre-installed Apps use after free | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-27217 |
| 8 | Ruijie RG-UAC commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.16 | CVE-2024-4501 |
| 9 | ThinkPHP Cookie think_exception.tpl information exposure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-34467 |
| 10 | Motorola Phone Extension App improper export of android application components | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.08 | CVE-2023-41823 |
| 11 | Linux Kernel mt7921e napi_diable denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.08 | CVE-2022-48705 |
| 12 | vanessa219 Vditor Element Attribute cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00043 | 0.08 | CVE-2024-34449 |
| 13 | Import and Export Users and Customers Plugin authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2024-1050 |
| 14 | libxmljs namespaces type confusion | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-34392 |
| 15 | Xiaomi Pro 13 isUrlMatchLevel Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2023-26322 |
| 16 | Zscaler Client Connector heap-based overflow | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2023-28798 |
| 17 | Linux Kernel wilc1000 hif.c rcu_dereference_check null pointer dereference | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2024-27053 |
| 18 | CMSimple Settings Menu cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33424 |
| 19 | Nagios XI Dashlet Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.20 | CVE-2024-33775 |
| 20 | Linux Kernel evtchn WARN denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-27067 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

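| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.57.122.82 | | Bobik | | 03/19/2024 | verified | High |
| 2 | XX.XXX.XX.XXX | xxxx-xx-xxx-xx-xxx.xxxxxxx.xxxx | Xxxxx | | 03/19/2024 | verified | High |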

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/ajax.php?action=confirm_order | predictive | High |
| 2 | File | /admin/book_add.php | predictive | High |
| 3 | File | /admin/borrow_add.php | predictive | High |
| 4 | File | /admin/config_Anticrack.php | predictive | High |
| 5 | File | /admin/manage-pages.php | predictive | High |
| 6 | File | /admin/sys_sql_query.php | predictive | High |
| 7 | File | /api/snapshot and /api/get_log_file | predictive | High |
| 8 | File | /b2b-supermarket/catalog/all-products | predictive | High |
| 9 | File | /container/list | predictive | High |
| 10 | File | /dede/article_description_main.php | predictive | High |
