BattleRoyal Analysis

IOB - Indicator of Behavior (235)

Timeline

Language

  • en: 188
  • ja: 26
  • zh: 12
  • fr: 4
  • es: 2

Country

  • us: 64
  • cn: 50
  • ce: 6
  • ru: 6
  • ua: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • WordPress: 8
  • Microsoft Windows: 6
  • cPanel: 6
  • Qualcomm Snapdragon Auto: 4
  • Qualcomm Snapdragon Compute: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0-day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
2 | Palo Alto PAN-OS GlobalProtect Clientless VPN Buffer Overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056
3 | WordPress SQL Injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664
4 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL Injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
5 | Linksys WRT54GL Web Management Interface SysInfo1.htm Information Disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406
6 | Teclib GLPI unlock_tasks.php SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232
7 | Sophos Firewall User Portal/Webadmin Weak Authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040
8 | CutePHP CuteNews Privilege Escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447
9 | WordPress Object Privilege Escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663
10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.07084 | 0.04 | CVE-2022-26923
11 | QNAP QTS Media Library Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067
12 | RealNetworks RealServer Port 7070 Service Denial of Service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.05 | CVE-2000-0272
13 | Microsoft Windows Themes Information Disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320
14 | Royal Elementor Addons and Templates Plugin Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96723 | 0.03 | CVE-2023-5360
15 | Hikvision Intercom Broadcasting System ping.php Privilege Escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90160 | 0.20 | CVE-2023-6895
16 | Hikvision Hybrid SAN Messages Privilege Escalation | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.02 | CVE-2023-28808
17 | Unitronics Vision Series PLC Privilege Escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06843 | 0.07 | CVE-2023-6448
18 | Bezeq Vtech NB403-IL/Vtech IAD604-IL UPnP Service rootDesc.xml Information Disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2022-47848
19 | Tenda N301 Wireless Router wanMTU setSysTools Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.00 | CVE-2019-16412
20 | Tenda N300 Wireless N VDSL2 Modem Router Weak Authentication | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.04 | CVE-2023-4498

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkGate

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.181.159.29 | no-rdns.mivocloud.com | BattleRoyal | DarkGate | 23/12/2023 | verified | High
2 | XX.XXX.XX.XXX | xxxxxxxxxx | | Xxxxxxxx | 23/12/2023 | verified | High
3 | XXX.XX.XXX.XXX | xxxxxxxxxx | | Xxxxxxxx | 23/12/2023 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Classification | Vulnerabilities | Access Type | Type | Confidence
1 | | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-119, CWE-120, CWE-122, CWE-125, CWE-134, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-288, CWE-290, CWE-305, CWE-306, CWE-345, CWE-352, CWE-354, CWE-371, CWE-400, CWE-404, CWE-416, CWE-444, CWE-502, CWE-610, CWE-611, CWE-639, CWE-641, CWE-787, CWE-862, CWE-863, CWE-918, CWE-1021, CWE-1188 | Unknown Vulnerability | predictive | High
2 | T1006 | CAPEC-126 | CWE-22, CWE-23 | Path Traversal | predictive | High
3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High
5 | TXXXX.XXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-191 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX.XXX | CAPEC-147 | CWE-XXX, CWE-XXX, CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High
12 | TXXXX | CAPEC-184 | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
13 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive | High
14 | TXXXX.XXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CAPEC-114 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CAPEC-19 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /brand.php | predictive | Medium
4 | File | /php/ping.php | predictive | High
5 | File | /rapi/read_url | predictive | High
6 | File | /scripts/unlock_tasks.php | predictive | High
7 | File | /SysInfo1.htm | predictive | High
8 | File | /sysinfo_json.cgi | predictive | High
9 | File | /system/user/modules/mod_users/controller.php | predictive | High
10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
11 | File | xxxxxxx/xxxx.xxx | predictive | High
12 | File | xxxxxx/xxx.x | predictive | Medium
13 | File | xxxxxxxxx.xxx.xxx | predictive | High
14 | File | xxxxx/xxxxx.xxx | predictive | High
15 | File | xxxx_xxxxx.xxx | predictive | High
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxxxxxxxx.xxx | predictive | High
18 | File | xx/xx-xx.x | predictive | Medium
19 | File | xxxxxxx.xxx | predictive | Medium
20 | File | xxx/xxxx_xxxx.x | predictive | High
21 | File | xxxxxx/xxxxxxxxxxx | predictive | High
22 | File | xxxx_xxxxxx.x | predictive | High
23 | File | xxxx/xxxxxxx.x | predictive | High
24 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
25 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
28 | File | xxxxxxxxxx.xxx | predictive | High
29 | File | xxxxx.xxx | predictive | Medium
30 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
31 | File | xxx/xxx.xxx | predictive | Medium
32 | File | xxxxxxxxxx.xx | predictive | High
33 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
34 | File | xxxxxx.x | predictive | Medium
35 | File | xxxx.xxx | predictive | Medium
36 | File | xxxxx.xxx | predictive | Medium
37 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
38 | File | xxxxxxxx.xxx | predictive | Medium
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxx/xxxxx.xxx | predictive | High
41 | File | xxxxxxxx.xxx | predictive | Medium
42 | File | xxxxxxxxxxxxxx.xxxx | predictive | High
43 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
44 | File | xxxxxxxxx.xxx | predictive | High
45 | File | xxxxxxxxxx | predictive | Medium
46 | File | xxxxxxx/xxxxx.xxx | predictive | High
47 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
48 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
49 | Argument | xxxxxxxx_xxxx | predictive | High
50 | Argument | xxxxxx | predictive | Low
51 | Argument | xxxxxxx_xxxx | predictive | Medium
52 | Argument | xxxxxx_xxxx | predictive | Medium
53 | Argument | xxxxx_xxxx | predictive | Medium
54 | Argument | xxx | predictive | Low
55 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
56 | Argument | xxxxx | predictive | Low
57 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
58 | Argument | xxxxxxxxx | predictive | Medium
59 | Argument | xxxxxx_xx | predictive | Medium
60 | Argument | xxxxxxxx_xxxxx | predictive | High
61 | Argument | xxxxxx | predictive | Low
62 | Argument | xxxx | predictive | Low
63 | Argument | xxxx | predictive | Low
64 | Argument | xx | predictive | Low
65 | Argument | xxxxxxxx[xx] | predictive | Medium
66 | Argument | xxxxxxx | predictive | Low
67 | Argument | xxx_xxxx | predictive | Medium
68 | Argument | xxxx | predictive | Low
69 | Argument | xxxxxxxx | predictive | Medium
70 | Argument | xxxxxxx/xxxxx | predictive | High
71 | Argument | xxxxxx_xxx | predictive | Medium
72 | Argument | xxxx_xx | predictive | Low
73 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
74 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
75 | Argument | xxxx_xx | predictive | Low
76 | Argument | xxx | predictive | Low
77 | Argument | xxxx | predictive | Low
78 | Argument | xxxxxxxx | predictive | Medium
79 | Argument | xxxx/xx/xxxx/xxx | predictive | High
80 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
81 | Input Value | .%xx.../.%xx.../ | predictive | High
82 | Input Value | ../../ | predictive | Low
83 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
84 | Input Value | xxxxxxx -xxx | predictive | Medium
85 | Input Value | xxxxxxxxxx | predictive | Medium
86 | Network Port | xxxx | predictive | Low
87 | Network Port | xxxx | predictive | Low
88 | Network Port | xxxx xxxx | predictive | Medium
89 | Network Port | xxx/xxx | predictive | Low
90 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
