Bifrost Analysis

IOB - Indicator of Behavior (39)

Language

en: 34
zh: 4
fr: 2

Product

Linux Kernel: 4
OpenJPEG: 4
Alienvault OSSIM: 2
Alienvault USM: 2
IBM WebSphere Cast Iron: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel TCP Stack denial of service | 6.4 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03585 | 0.03 | CVE-2017-5972 |
| 2 | ZoneMinder Language privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38401 | 0.03 | CVE-2022-29806 |
| 3 | Apache CXF Fediz OIDC Service unknown vulnerability | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.00 | CVE-2017-7662 |
| 4 | PHPList Subscription SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00152 | 0.26 | CVE-2017-20032 |
| 5 | PHPList Sending Campaign SQL injection | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00088 | 0.30 | CVE-2017-20030 |
| 6 | Digium Asterisk RTP denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 7 | Gradle Enterprise support-bundle information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2022-41575 |
| 8 | ZoneMinder Snapshot Action shell_exec privilege escalation | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96928 | 0.03 | CVE-2023-26035 |
| 9 | Microsoft Windows Imaging Library memory corruption | 7.3 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02009 | 0.00 | CVE-2020-0708 |
| 10 | Mattermost Server Password Reset weak authentication | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-3591 |
| 11 | y_project RuoYi File Upload uploadFilesPath cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.06 | CVE-2023-3815 |
| 12 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.87410 | 0.03 | CVE-2017-5487 |
| 13 | JDOM SAXBuilder denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00480 | 0.00 | CVE-2021-33813 |
| 14 | Microsoft Windows Point-to-Point Protocol remote code execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.41507 | 0.02 | CVE-2022-35744 |
| 15 | avada Theme Stored cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2017-18606 |
| 16 | mxBB Kb Mods privilege escalation | 9.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01573 | 0.00 | CVE-2006-6567 |
| 17 | WordPress Access Restriction user-new.php privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 18 | Cisco Industrial Network Director Web Interface Reflected cross-site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.00 | CVE-2017-6675 |
| 19 | radare2 DEX File config.c r_config_set memory corruption | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2017-9520 |
| 20 | Schneider Electric SoMachine HVAC DLL Loader privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01128 | 0.00 | CVE-2017-7966 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /lists/admin/ | predictive | |
| 2 | File | convert.c | predictive | |
| 3 | File | inc/autoload.function.php | predictive | |
| 4 | File | xxxxxx/xxxxx/xxxx_xxxxxx.x | predictive | |
| 5 | File | xxxx/xxxxxx/xxxxxx.x | predictive | |
| 6 | File | xxxxxxxx.xxx | predictive | |
| 7 | File | xxxxxxxxxxxx.xx | predictive | |
| 8 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | |
| 9 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | |
| 10 | Argument | xxxxxxxxxx | predictive | |
| 11 | Argument | xxxxxxxx | predictive | |
| 12 | Argument | xxxxxx_xxxx_xxxx | predictive | |
| 13 | Argument | xxxxxxxxxxxxxxxxx | predictive | |
| 14 | Argument | xxx_xxxxxxxxx_xxxxxxx_xxxx | predictive | |
| 15 | Input Value | .._ | predictive | |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
