BattleRoyal Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (235)

Lang

en	190
ja	18
zh	14
fr	6
ru	2

Land

us	78
cn	50
ru	4
ce	2
gb	2

Skådespelare

Cobalt Strike	14
NetSupportManager RAT	12
RecordBreaker	10
Raccoon	10
SideWinder	8

Intressera

Typ

Not Defined	100
WordPress Plugin	18
Operating System	12
Content Management System	10
Firewall Software	8

Säljare

Not Defined	78
Microsoft	12
Computrols	6
QNAP	6
Cisco	6

Produkt

Microsoft Windows	8
Computrols CBAS	6
QNAP QTS	6
Qualcomm Snapdragon Auto	6
Qualcomm Snapdragon Compute	6

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Atmail Remote Code Execution	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00251	0.04	CVE-2013-5033
2	Palo Alto PAN-OS GlobalProtect Clientless VPN minneskorruption	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00112	0.03	CVE-2021-3056
3	WordPress sql injektion	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
4	VeronaLabs wp-statistics Plugin API Endpoint Blind sql injektion	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
5	Linksys WRT54GL Web Management Interface SysInfo1.htm informationsgivning	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.04	CVE-2024-1406
6	Teclib GLPI unlock_tasks.php sql injektion	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12149	0.04	CVE-2019-10232
7	Sophos Firewall User Portal/Webadmin svag autentisering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97434	0.08	CVE-2022-1040
8	CutePHP CuteNews privilegier eskalering	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02107	0.08	CVE-2019-11447
9	WordPress Object privilegier eskalering	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.04	CVE-2022-21663
10	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.1	$100k och mer	$0-$5k	Proof-of-Concept	Official Fix	0.07084	0.04	CVE-2022-26923
11	QNAP QTS Media Library privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.01575	0.03	CVE-2017-13067
12	RealNetworks RealServer Port 7070 Service förnekande av tjänsten	7.5	7.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.02116	0.04	CVE-2000-0272
13	Microsoft Windows Themes informationsgivning	5.9	5.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00128	0.04	CVE-2024-21320
14	Royal Elementor Addons and Templates Plugin privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96723	0.03	CVE-2023-5360
15	Hikvision Intercom Broadcasting System ping.php privilegier eskalering	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.90160	0.05	CVE-2023-6895
16	Hikvision Hybrid SAN Messages privilegier eskalering	8.2	8.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00203	0.02	CVE-2023-28808
17	Unitronics Vision Series PLC privilegier eskalering	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06843	0.07	CVE-2023-6448
18	Bezeq Vtech NB403-IL/Vtech IAD604-IL UPnP Service rootDesc.xml informationsgivning	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00116	0.00	CVE-2022-47848
19	Tenda N301 Wireless Router wanMTU setSysTools privilegier eskalering	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00114	0.00	CVE-2019-16412
20	Tenda N300 Wireless N VDSL2 Modem Router svag autentisering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.04	CVE-2023-4498

Kampanjer (1)

These are the campaigns that can be associated with the actor:

DarkGate

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	5.181.159.29	no-rdns.mivocloud.com	BattleRoyal	DarkGate	23/12/2023	verified	Hög
2	XX.XXX.XX.XX		Xxxxxxxxxxx	Xxxxxxxx	23/12/2023	verified	Hög
3	XXX.XX.XXX.XX		Xxxxxxxxxxx	Xxxxxxxx	23/12/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-59, CWE-119, CWE-120, CWE-122, CWE-125, CWE-134, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-288, CWE-290, CWE-305, CWE-306, CWE-345, CWE-352, CWE-354, CWE-371, CWE-400, CWE-404, CWE-416, CWE-444, CWE-502, CWE-610, CWE-611, CWE-639, CWE-641, CWE-787, CWE-862, CWE-863, CWE-918, CWE-1021, CWE-1188	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
11	TXXXX.XXX	CAPEC-147	CWE-XXX, CWE-XXX, CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Hög
13	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
15	TXXXX.XXX	CAPEC-114	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
16	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
17	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/api/RecordingList/DownloadRecord?file=	predictive	Hög
2	File	/apply.cgi	predictive	Medium
3	File	/brand.php	predictive	Medium
4	File	/php/ping.php	predictive	Hög
5	File	/rapi/read_url	predictive	Hög
6	File	/scripts/unlock_tasks.php	predictive	Hög
7	File	/SysInfo1.htm	predictive	Hög
8	File	/sysinfo_json.cgi	predictive	Hög
9	File	/system/user/modules/mod_users/controller.php	predictive	Hög
10	File	/wp-admin/admin-post.php?es_skip=1&option_name	predictive	Hög
11	File	xxxxxxx/xxxx.xxx	predictive	Hög
12	File	xxxxxx/xxx.x	predictive	Medium
13	File	xxxxxxxxx.xxx.xxx	predictive	Hög
14	File	xxxxx/xxxxx.xxx	predictive	Hög
15	File	xxxx_xxxxx.xxx	predictive	Hög
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxxxxx.xxx	predictive	Hög
18	File	xx/xx-xx.x	predictive	Medium
19	File	xxxxxxx.xxx	predictive	Medium
20	File	xxx/xxxx_xxxx.x	predictive	Hög
21	File	xxxxxx/xxxxxxxxxxx	predictive	Hög
22	File	xxxx_xxxxxx.x	predictive	Hög
23	File	xxxx/xxxxxxx.x	predictive	Hög
24	File	xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx	predictive	Hög
25	File	xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx	predictive	Hög
26	File	xxxxx.xxx	predictive	Medium
27	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	Hög
28	File	xxxxxxxxxx.xxx	predictive	Hög
29	File	xxxxx.xxx	predictive	Medium
30	File	xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
31	File	xxx/xxx.xxx	predictive	Medium
32	File	xxxxxxxxxx.xx	predictive	Hög
33	File	xxxxxxxxxxx-xxxx.xx	predictive	Hög
34	File	xxxxxx.x	predictive	Medium
35	File	xxxx.xxx	predictive	Medium
36	File	xxxxx.xxx	predictive	Medium
37	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	Hög
38	File	xxxxxxxx.xxx	predictive	Medium
39	File	xxxx.xxx	predictive	Medium
40	File	xxxxx/xxxxx.xxx	predictive	Hög
41	File	xxxxxxxx.xxx	predictive	Medium
42	File	xxxxxxxxxxxxxx.xxxx	predictive	Hög
43	File	xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx	predictive	Hög
44	File	xxxxxxxxx.xxx	predictive	Hög
45	File	xxxxxxxxxx	predictive	Medium
46	File	xxxxxxx/xxxxx.xxx	predictive	Hög
47	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
48	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Hög
49	Argument	xxxxxxxx_xxxx	predictive	Hög
50	Argument	xxxxxx	predictive	Låg
51	Argument	xxxxxxx_xxxx	predictive	Medium
52	Argument	xxxxxx_xxxx	predictive	Medium
53	Argument	xxxxx_xxxx	predictive	Medium
54	Argument	xxx	predictive	Låg
55	Argument	xxxxxxxxxxxxxxxxx	predictive	Hög
56	Argument	xxxxx	predictive	Låg
57	Argument	xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx	predictive	Hög
58	Argument	xxxxxxxxx	predictive	Medium
59	Argument	xxxxxx_xx	predictive	Medium
60	Argument	xxxxxxxx_xxxxx	predictive	Hög
61	Argument	xxxxxx	predictive	Låg
62	Argument	xxxx	predictive	Låg
63	Argument	xxxx	predictive	Låg
64	Argument	xx	predictive	Låg
65	Argument	xxxxxxxx[xx]	predictive	Medium
66	Argument	xxxxxxx	predictive	Låg
67	Argument	xxx_xxxx	predictive	Medium
68	Argument	xxxx	predictive	Låg
69	Argument	xxxxxxxx	predictive	Medium
70	Argument	xxxxxxx/xxxxx	predictive	Hög
71	Argument	xxxxxx_xxx	predictive	Medium
72	Argument	xxxx_xx	predictive	Låg
73	Argument	xxxxxxxx_xxxxxxxx	predictive	Hög
74	Argument	xxxxxxxxxxxxxxxxxxxxx	predictive	Hög
75	Argument	xxxx_xx	predictive	Låg
76	Argument	xxx	predictive	Låg
77	Argument	xxxx	predictive	Låg
78	Argument	xxxxxxxx	predictive	Medium
79	Argument	xxxx/xx/xxxx/xxx	predictive	Hög
80	Argument	_xxx_xxxxxxxxxxx_	predictive	Hög
81	Input Value	.%xx.../.%xx.../	predictive	Hög
82	Input Value	../../	predictive	Låg
83	Input Value	../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx	predictive	Hög
84	Input Value	xxxxxxx -xxx	predictive	Medium
85	Input Value	xxxxxxxxxx	predictive	Medium
86	Network Port	xxxx	predictive	Låg
87	Network Port	xxxx	predictive	Låg
88	Network Port	xxxx xxxx	predictive	Medium
89	Network Port	xxx/xxx	predictive	Låg
90	Network Port	xxx/xxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!