Ballistic Bobcat Analysis

IOB - Indicator of Behavior (147)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 142
de: 4
es: 2

Country

us: 32
de: 6
ir: 4

Activities

Interest

Product

Apple macOS: 6
Dataease: 6
MediaTek MT6580: 4
MediaTek MT6735: 4
MediaTek MT6737: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.97 | CVE-2020-12440 |
| 2 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85054 | 0.05 | CVE-2020-35489 |
| 3 | convert-svg-core SVG File code injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07125 | 0.00 | CVE-2022-25759 |
| 4 | greenpau caddy-security Header authentication spoofing | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-21494 |
| 5 | KiTTY stack-based overflow | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2024-25003 |
| 6 | Progress Telerik Test Studio Applications Installer privileges management | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2024-0833 |
| 7 | Campcodes Online College Library System HTTP POST Request borrow_add.php sql injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2023-7175 |
| 8 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 9 | UnrealIRCd input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.64951 | 0.08 | CVE-2010-2075 |
| 10 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00133 | 0.09 | CVE-2023-36434 |
| 11 | Royal Elementor Addons Plugin data_fetch cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2022-4710 |
| 12 | node-jsonwebtoken jwt.verify input validation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | CVE-2022-23529 |
| 13 | Apple macOS AMD out-of-bounds write | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2022-42847 |
| 14 | Mitsubishi Electric GX Works3 hard-coded password | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01141 | 0.00 | CVE-2022-29825 |
| 15 | Tribal Systems Zenario CMS Profile cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-44071 |
| 16 | HotelDruid gestione_utenti.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00255 | 0.00 | CVE-2018-1000871 |
| 17 | ITRS OP5 Monitor cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.00 | CVE-2021-40272 |
| 18 | Intel XMM 7560 input validation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-28611 |
| 19 | Plesk Obsidian REST API commands cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.03 | CVE-2022-45130 |
| 20 | Huawei HarmonyOS HiView Module Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-44553 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/pic/admin/pic/hy | predictive | High |
| 2 | File | /admin.php/user/level_del | predictive | High |
| 3 | File | /admin/borrow_add.php | predictive | High |
| 4 | File | /admin/general.cgi | predictive | High |
| 5 | File | /api/plugin/uninstall | predictive | High |
| 6 | File | /api/plugin/upload | predictive | High |
| 7 | File | /api/v2/cli/commands | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
