Ballistic Bobcat Analysis

IOB - Indicator of Behavior (147)

Language

en: 138
de: 4
es: 4
ru: 2

Product

Dataease: 6
wpWax Team Plugin: 4
Samsung Smart Phone: 4
F-Secure Atlant: 4
Apple macOS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.92 | CVE-2020-12440 |
| 2 | Rocklobster Contact Form 7 privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85054 | 0.05 | CVE-2020-35489 |
| 3 | convert-svg-core SVG File privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07125 | 0.03 | CVE-2022-25759 |
| 4 | greenpau caddy-security Header weak authentication | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-21494 |
| 5 | KiTTY buffer overflow | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2024-25003 |
| 6 | Progress Telerik Test Studio Applications Installer privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2024-0833 |
| 7 | Campcodes Online College Library System HTTP POST Request borrow_add.php SQL injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.03 | CVE-2023-7175 |
| 8 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2021-27182 |
| 9 | UnrealIRCd privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.64951 | 0.00 | CVE-2010-2075 |
| 10 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00133 | 0.22 | CVE-2023-36434 |
| 11 | Royal Elementor Addons Plugin data_fetch cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2022-4710 |
| 12 | node-jsonwebtoken jwt.verify privilege escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | CVE-2022-23529 |
| 13 | Apple macOS AMD buffer overflow | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2022-42847 |
| 14 | Mitsubishi Electric GX Works3 weak authentication | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01241 | 0.00 | CVE-2022-29825 |
| 15 | Tribal Systems Zenario CMS Profile cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-44071 |
| 16 | HotelDruid gestione_utenti.php SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00255 | 0.00 | CVE-2018-1000871 |
| 17 | ITRS OP5 Monitor cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.00 | CVE-2021-40272 |
| 18 | Intel XMM 7560 privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-28611 |
| 19 | Plesk Obsidian REST API commands cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.03 | CVE-2022-45130 |
| 20 | Huawei HarmonyOS HiView Module Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-44553 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/pic/admin/pic/hy | predictive | High |
| 2 | File | /admin.php/user/level_del | predictive | High |
| 3 | File | /admin/borrow_add.php | predictive | High |
| 4 | File | /admin/general.cgi | predictive | High |
| 5 | File | /api/plugin/uninstall | predictive | High |
| 6 | File | /api/plugin/upload | predictive | High |
| 7 | File | /api/v2/cli/commands | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
