Bifrost Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Langue

en	34
fr	2
es	2
zh	2

De campagne

us	28
ca	4
cn	4
fr	2
es	2

Acteurs

Bifrost	4
Grabit	1
Snake	1
Cobalt Strike	1

Intérêt

Taper

Not Defined	10
Content Management System	6
Application Server Software	4
Image Processing Software	4
Mailing List Software	2

Fournisseur

Not Defined	14
Apache	4
Gradle	2
mxBB	2
IBM	2

Produit

Apache CXF Fediz	4
WordPress	4
OpenJPEG	4
Gradle Enterprise	2
mxBB Kb Mods	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	Linux Kernel TCP Stack dénie de service	6.4	6.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.03585	CVE-2017-5972
2	ZoneMinder Language Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.38401	CVE-2022-29806
3	Apache CXF Fediz OIDC Service cross site request forgery	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00145	CVE-2017-7662
4	PHPList Subscription sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00152	CVE-2017-20032
5	PHPList Sending Campain sql injection	5.3	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00088	CVE-2017-20030
6	Digium Asterisk RTP dénie de service	4.3	4.1	$0-$5k	Calculateur	Not Defined	Official Fix	0.00	0.00000
7	Gradle Enterprise support-bundle divulgation de l'information	5.9	5.8	$0-$5k	Calculateur	Not Defined	Official Fix	0.00	0.00166	CVE-2022-41575
8	ZoneMinder Snapshot Action shell_exec elévation de privilèges	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.96928	CVE-2023-26035
9	Microsoft Windows Imaging Library buffer overflow	7.3	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.01869	CVE-2020-0708
10	Mattermost Server Password Reset authentification faible	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00087	CVE-2023-3591
11	y_project RuoYi File Upload uploadFilesPath cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00060	CVE-2023-3815
12	WordPress REST API class-wp-rest-users-controller.php divulgation de l'information	5.3	5.1	$5k-$25k	$0-$5k	Functional	Official Fix	0.00	0.87410	CVE-2017-5487
13	JDOM SAXBuilder dénie de service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00480	CVE-2021-33813
14	Microsoft Windows Point-to-Point Protocol Remote Code Execution	9.8	8.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02	0.36863	CVE-2022-35744
15	avada Theme Stored cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00078	CVE-2017-18606
16	mxBB Kb Mods elévation de privilèges	9.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.01573	CVE-2006-6567
17	WordPress Access Restriction user-new.php elévation de privilèges	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00372	CVE-2017-17091
18	Cisco Industrial Network Director Web Interface Reflected cross site scripting	5.2	5.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00129	CVE-2017-6675
19	radare2 DEX File config.c r_config_set buffer overflow	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00077	CVE-2017-9520
20	Schneider Electric SoMachine HVAC DLL Loader elévation de privilèges	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.01128	CVE-2017-7966

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	20.72.235.82		Bifrost	30/01/2023	verified	Élevé
2	23.222.236.33	a23-222-236-33.deploy.static.akamaitechnologies.com	Bifrost	16/01/2023	verified	Élevé
3	24.201.72.161	modemcable161.72-201-24.mc.videotron.ca	Bifrost	16/01/2023	verified	Élevé
4	31.170.164.19		Bifrost	30/01/2023	verified	Élevé
5	XX.XX.XX.XXX		Xxxxxxx	05/03/2024	verified	Élevé
6	XX.X.XXX.XX	xxx-xx-x-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxx	30/01/2023	verified	Moyen
7	XX.XXX.XXX.XXX		Xxxxxxx	03/06/2023	verified	Élevé
8	XXX.XX.XX.XX		Xxxxxxx	22/07/2021	verified	Élevé
9	XXX.XX.XXX.XXX	xxxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxx	30/01/2023	verified	Élevé
10	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	03/06/2023	verified	Élevé
11	XXX.XXX.XXX.XXX	x-xxxxxx.xx	Xxxxxxx	30/01/2023	verified	Élevé
12	XXX.XX.XXX.XXX	xxxxxxxx.xxxx.xx	Xxxxxxx	12/04/2022	verified	Élevé
13	XXX.XXX.XXX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxx	22/07/2021	verified	Élevé
14	XXX.XXX.X.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	22/07/2021	verified	Élevé
15	XXX.XXX.XX.XX	xxxx.xxxx.xxx.xxx	Xxxxxxx	16/01/2023	verified	Élevé
16	XXX.XXX.XX.XXX		Xxxxxxx	30/01/2023	verified	Élevé
17	XXX.XX.XX.XXX		Xxxxxxx	12/04/2022	verified	Élevé
18	XXX.XX.XXX.XX		Xxxxxxx	30/01/2023	verified	Élevé
19	XXX.XX.XXX.XXX	xxxx.xxxx.xx	Xxxxxxx	30/01/2023	verified	Élevé

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/lists/admin/	predictive	Élevé
2	File	convert.c	predictive	Moyen
3	File	inc/autoload.function.php	predictive	Élevé
4	File	xxxxxx/xxxxx/xxxx_xxxxxx.x	predictive	Élevé
5	File	xxxx/xxxxxx/xxxxxx.x	predictive	Élevé
6	File	xxxxxxxx.xxx	predictive	Moyen
7	File	xxxxxxxxxxxx.xx	predictive	Élevé
8	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Élevé
9	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Élevé
10	Argument	xxxxxxxxxx	predictive	Moyen
11	Argument	xxxxxxxx	predictive	Moyen
12	Argument	xxxxxx_xxxx_xxxx	predictive	Élevé
13	Argument	xxxxxxxxxxxxxxxxx	predictive	Élevé
14	Argument	xxx_xxxxxxxxx_xxxxxxx_xxxx	predictive	Élevé
15	Input Value	.._	predictive	Faible

Références (8)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!