ioc[.]one - OSINT Cyber Threat Intelligence Database

Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers

Tags

country:	Australia China Italy Mexico
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Botnet - T1583.005 Botnet - T1584.005 Chat Messages - T1552.008 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1573 Exploits - T1587.004 Exploits - T1588.005 File Deletion - T1070.004 Firmware - T1592.003 Linux And Mac File And Directory Permissions Modification - T1222.002 Malware - T1587.001 Malware - T1588.001 Non-Standard Port - T1571 Server - T1583.004 Server - T1584.004 Unix Shell - T1059.004 Web Protocols - T1071.001 Vulnerabilities - T1588.006 Data From Local System - T1005 Exploit Public-Facing Application - T1190 File And Directory Discovery - T1083 Indicator Removal On Host - T1070 Standard Non-Application Layer Protocol - T1095 Process Discovery - T1057

Show in Graph

Common Information

Type	Value
UUID	f68550a3-37e2-46e8-88f4-1cea18afc101
Fingerprint	a424bf89acb301cb
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 11, 2025, 9:46 a.m.
Added to db	March 11, 2025, 11:30 a.m.
Last updated	March 20, 2025, 9:41 p.m.
Headline	Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
Title	Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
Detected Hints/Tags/Attributes	77/3/14

Source URLs

	Redirection	Url
Details	Source	https://www.catonetworks.com/blog/cato-ctrl-ballista-new-iot-botnet-targeting-thousands-of-tp-link-archer-routers/

URL Provider

Details	Provider	Source level domain
Details	catonetworks.com	www.catonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	282	✔	Security and Networking Blog \| Cato Networks	https://www.catonetworks.com/blog/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	61		cve-2023-1389
Details	IPv4	3		2.237.57.70
Details	MITRE ATT&CK Techniques	135		T1571
Details	MITRE ATT&CK Techniques	539		T1071.001
Details	MITRE ATT&CK Techniques	48		T1222.002
Details	MITRE ATT&CK Techniques	350		T1070.004
Details	MITRE ATT&CK Techniques	675		T1083
Details	MITRE ATT&CK Techniques	1		T1070.010
Details	MITRE ATT&CK Techniques	502		T1057
Details	MITRE ATT&CK Techniques	586		T1005
Details	MITRE ATT&CK Techniques	188		T1573
Details	MITRE ATT&CK Techniques	175		T1095
Details	MITRE ATT&CK Techniques	652		T1190
Details	MITRE ATT&CK Techniques	112		T1059.004