Bisonal Analysis

IOB - Indicator of Behavior (8)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	8

Country

cn	6
us	2

Actors

Bisonal	1

Activities

Interest

Timeline

Type

Not Defined	4
SSH Server Software	2
Network Encryption Software	2

Vendor

Bitrix	2
Not Defined	2
furlongm	2
Atlassian	2

Product

Bitrix Site Manager	2
SSH Agent Plugin	2
furlongm openvpn-monitor	2
Atlassian Bitbucket Data Center	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Autoptimize Plugin Import code injection	5.4	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.01156	CVE-2021-24376
2	Bitrix Upload from Local Disk Feature restore.php unrestricted upload	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000	CVE-2022-29268
3	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01156	CVE-2022-27228
4	SSH Agent Plugin authorization	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00885	CVE-2022-20620
5	CodeIgniter Sendmail Email.php injection	8.5	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.05785	CVE-2016-10131
6	Atlassian Bitbucket Data Center path traversal	8.1	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.01156	CVE-2019-3397
7	furlongm openvpn-monitor Management Interface Socket command injection	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.02055	CVE-2021-31605
8	VMware vCenter Server Analytics Service unrestricted upload	8.6	8.5	$5k-$25k	$0-$5k	Functional	Official Fix	0.02	0.92029	CVE-2021-22005

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Type	Confidence
1	116.193.155.38	Bisonal	verified	High
2	XXX.XXX.XXX.XXX	Xxxxxxx	verified	High
3	XXX.XX.XX.XXX	Xxxxxxx	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	TXXXX	CWE-XX	Xxxxxxxxx	predictive	High
3	TXXXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	restore.php	predictive	Medium
2	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	High
3	Argument	xxxxx->xxxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!