Bisonal Analysis

IOB - Indicator of Behavior (16)

Language

en 14
zh 2

Product

Bitrix Site Manager 4
Bitrix 2
FLDS 2
INFINICART 2
CodeIgniter 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 2 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.06 | CVE-2008-5928 |
| 3 | Idera Travis CI Activation .travis.yml information disclosure | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00156 | 0.02 | CVE-2021-41077 |
| 4 | Autoptimize Plugin Import privilege escalation | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01016 | 0.00 | CVE-2021-24376 |
| 5 | Bitrix Upload from Local Disk Feature restore.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-29268 |
| 6 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.00 | CVE-2022-27228 |
| 7 | SSH Agent Plugin privilege escalation | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2022-20620 |
| 8 | CodeIgniter Sendmail Email.php privilege escalation | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04920 | 0.04 | CVE-2016-10131 |
| 9 | Atlassian Bitbucket Data Center directory traversal | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2019-3397 |
| 10 | furlongm openvpn-monitor Management Interface Socket privilege escalation | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2021-31605 |
| 11 | VMware vCenter Server Analytics Service privilege escalation | 8.6 | 8.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97389 | 0.07 | CVE-2021-22005 |
| 12 | WordPress HTML Element general-template.php cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00094 | 0.03 | CVE-2017-17093 |
| 13 | Linux Kernel UDP Packet udp.c privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04837 | 0.03 | CVE-2016-10229 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 15 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01194 | 0.03 | CVE-2004-1386 |
| 16 | INFINICART browse_group.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00262 | 0.00 | CVE-2006-5957 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .travis.yml | predictive | Medium |
| 2 | File | browse_group.asp | predictive | High |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 8 | File | xxx.x | predictive | Low |
| 9 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive | High |
| 10 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
| 11 | Argument | xxxxx->xxxx | predictive | Medium |
| 12 | Argument | xxxx | predictive | Low |
| 13 | Argument | xx | predictive | Low |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxxx | predictive | Low |
| 16 | Network Port | xxx | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
