BistroMath Analysis

IOB - Indicator of Behavior (214)

Timeline

Language

Language | Count
---------|------
en       | 172
de       | 36
jp       | 2
fr       | 2
es       | 2

Country

Country | Count
--------|------
gb      | 126
us      | 48
ch      | 24
de      | 6
fr      | 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product            | Count
-------------------|------
Microsoft Windows  | 12
Apache HTTP Server | 8
Microsoft Office   | 6
Citrix ADC         | 4
Citrix Gateway     | 4

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Countermeasure | EPSS | CTI | CVE
---|---------------|------|------|------------|-------------|---------|----------------|------|-----|----
1  | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.28 | CVE-2020-12440
2  | Abacus ERP Multi Factor Authentication weak authentication | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2022-1065
3  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.21 | CVE-2017-0055
4  | Microsoft Windows Win32k privilege escalation | 7.2 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00113 | 0.00 | CVE-2022-21882
5  | Apache OFBiz Exception information disclosure | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.00 | CVE-2021-25958
6  | BlackBerry Protect Message Broker privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00044 | 0.00 | CVE-2021-32023
7  | Oracle WebLogic Server Core remote code execution | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00137 | 0.02 | CVE-2023-22069
8  | Spring Framework JSONP Cross-Domain privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.03 | CVE-2018-11040
9  | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86982 | 0.04 | CVE-2023-49103
10 | Esri ArcGIS Server SQL injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-29114
11 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.04 | CVE-2022-24785
12 | Rapid4 RapidFlows Enterprise Application Builder GetFile.aspx directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.00 | CVE-2019-11397
13 | Apache CXF MTOM Request XOP:Include privilege escalation | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02850 | 0.00 | CVE-2022-46364
14 | HCL Domino Server MIME Message buffer overflow | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00491 | 0.02 | CVE-2020-14244
15 | sitepress-multilingual-cms Plugin class-wp-installer.php cross site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00427 | 0.04 | CVE-2020-10568
16 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02911 | 0.04 | CVE-2016-7406
17 | Atlassian JIRA Server/Data Center Email Template privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.03 | CVE-2021-43947
18 | Matrix libolm Session Object olm_session_describe buffer overflow | 6.3 | 6.0 | $0-$5k | Calculator | Not Defined | Official Fix | 0.00685 | 0.00 | CVE-2021-44538
19 | Apache Tomcat UTF-8 Decoder denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01830 | 0.03 | CVE-2018-1336
20 | polkit pkexec privilege escalation | 8.8 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00046 | 0.04 | CVE-2021-4034

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; EPSS is the Exploit Prediction Scoring System probability; CTI is the VulDB cyber threat intelligence activity score.

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1  | T1006     | CWE-22, CWE-23  | Path Traversal | predictive | High
2  | T1055     | CWE-74          | Improper Neutralization of Data within XPath Expressions | predictive | High
3  | T1059     | CWE-94          | Argument Injection | predictive | High
4  | T1059.007 | CWE-79, CWE-80  | Cross Site Scripting | predictive | High

Rows 5 to 18 are masked on the source page; all of them are listed as predictive with High confidence.

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator        | Type       | Confidence
---|-------|------------------|------------|-----------
1  | File  | /app/register.php | predictive | High
2  | File  | /etc/cron.d/      | predictive | Medium
3  | File  | /rom-0            | predictive | Low
4  | File  | /uncpath/         | predictive | Medium
5  | File  | /usr/bin/pkexec   | predictive | High

Rows 6 to 41 are masked on the source page: rows 6 to 25 are of class File, rows 26 to 40 of class Argument, and row 41 of class Network Port; all are listed as predictive.
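As an added example that is not part of the VulDB page, the following Python script matches the five unmasked file-class indicators above against web-server access log lines. The combined-log regex, the confidence weights, and the sample log lines are assumptions constructed for this example. Because the indicators are path fragments, the script percent-decodes each request path twice and collapses slashes and backslashes before matching, so that a request for /app/%2572egister.php or /cgi-bin/..%2f..%2fetc/cron.d/ is still attributed to the indicator it targets.

```python
import re
from urllib.parse import unquote

# File-class indicators of attack from the unmasked rows of the table above,
# keyed to the confidence the page assigns them.
IOA_FILES = {
    "/app/register.php": "high",
    "/etc/cron.d/": "medium",
    "/rom-0": "low",
    "/uncpath/": "medium",
    "/usr/bin/pkexec": "high",
}

# Weights are an assumption for this example, not a VulDB scoring rule.
CONFIDENCE_WEIGHT = {"high": 3, "medium": 2, "low": 1}

# Apache/nginx combined log format (assumed layout of the lines being scanned).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_path(raw):
    """Drop the query string, percent-decode twice (to defeat double encoding),
    turn backslashes into slashes, collapse repeated slashes and lower-case."""
    path = raw.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = path.replace("\\", "/")
    path = re.sub(r"/+", "/", path)
    return path.lower()


def match_indicators(path):
    """Return the indicators whose fragment occurs in the normalized path."""
    norm = normalize_path(path)
    return [ioa for ioa in IOA_FILES if ioa.lower() in norm]


def scan_log(lines):
    """One hit per log line that contains at least one indicator; unparsable
    lines are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        matched = match_indicators(m.group("path"))
        if matched:
            hits.append({
                "ip": m.group("ip"),
                "path": m.group("path"),
                "status": int(m.group("status")),
                "indicators": matched,
                "score": sum(CONFIDENCE_WEIGHT[IOA_FILES[i]] for i in matched),
            })
    return hits


def top_sources(hits):
    """Aggregate the weighted score per source IP, highest first."""
    totals = {}
    for h in hits:
        totals[h["ip"]] = totals.get(h["ip"], 0) + h["score"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample log lines (not real traffic); documentation-range IPs.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /app/register.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /app/%2572egister.php?x=1 HTTP/1.1" 200 512',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /rom-0 HTTP/1.1" 404 153',
    '198.51.100.2 - - [10/Oct/2023:13:56:05 +0000] "GET /cgi-bin/..%2f..%2fetc/cron.d/ HTTP/1.1" 403 199',
    '192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print(top_sources(found))
```

A 404 or 403 still counts as a hit: the indicators describe reconnaissance fragments, and a probe for /rom-0 that fails is as telling about the source as one that succeeds. For production use the indicator list would be loaded from the full (unmasked) table rather than hard-coded.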

References (3)

The following list contains external sources which discuss the actor and the associated activities:
