elf.ballista

Ballista


Ballista is an IoT botnet that infects unpatched TP-Link Archer AX21 (AX1800) routers. It spreads by automatically exploiting CVE-2023-1389. Its capabilities include remote code execution and DDoS attacks.

References
2025-03-11, Cato Networks, Matan Mittleman, Ofek Vardi:
Cato CTRL Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers

There is no Yara-Signature yet.