BistroMath Analysis

IOB - Indicator of Behavior (215)

Language

en: 174
de: 28
ja: 8
fr: 2
jp: 2

Country/Region

gb: 132
us: 50
ch: 24
de: 6
fr: 4

Product

Microsoft Windows: 8
Microsoft Office: 6
phpMyAdmin: 6
GeoServer: 4
Microsoft Power BI Report Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.13 | CVE-2020-12440 |
| 2 | Abacus ERP Multi Factor Authentication weak authentication | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2022-1065 |
| 3 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.05 | CVE-2017-0055 |
| 4 | Microsoft Windows Win32k Privilege Escalation | 7.2 | 6.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.00113 | 0.05 | CVE-2022-21882 |
| 5 | Apache OFBiz Exception information disclosure | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00164 | 0.00 | CVE-2021-25958 |
| 6 | BlackBer Protect Message Broker Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00044 | 0.00 | CVE-2021-32023 |
| 7 | Oracle WebLogic Server Core Remote Code Execution | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00137 | 0.02 | CVE-2023-22069 |
| 8 | Spring Framework JSONP Cross-Domain privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.03 | CVE-2018-11040 |
| 9 | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.86737 | 0.00 | CVE-2023-49103 |
| 10 | Esri ArcGIS Server SQL injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114 |
| 11 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.14 | CVE-2022-24785 |
| 12 | Rapid4 RapidFlows Enterprise Application Builder GetFile.aspx directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.00 | CVE-2019-11397 |
| 13 | Apache CXF MTOM Request XOP:Include privilege escalation | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03933 | 0.05 | CVE-2022-46364 |
| 14 | HCL Domino Server MIME Message memory corruption | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00491 | 0.06 | CVE-2020-14244 |
| 15 | sitepress-multilingual-cms Plugin class-wp-installer.php unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.14 | CVE-2020-10568 |
| 16 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02911 | 0.07 | CVE-2016-7406 |
| 17 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2021-43947 |
| 18 | Matrix libolm Session Object olm_session_describe memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00685 | 0.00 | CVE-2021-44538 |
| 19 | Apache Tomcat UTF-8 Decoder denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01830 | 0.03 | CVE-2018-1336 |
| 20 | polkit pkexec privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | High | Workaround | 0.00046 | 0.04 | CVE-2021-4034 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

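| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /app/register.php | predictive | |
| 2 | File | /etc/cron.d/ | predictive | |
| 3 | File | /rom-0 | predictive | |
| 4 | File | /uncpath/ | predictive | |
| 5 | File | /usr/bin/pkexec | predictive | |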

References (3)

The following list contains external sources which discuss the actor and the associated activities:
