BistroMath Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (214)

Lang

en	166
de	40
fr	4
ja	2
jp	2

Land

gb	122
us	60
ch	18
de	8
it	2

Skådespelare

BistroMath	2
Bistromath	1

Intressera

Typ

Not Defined	66
Web Server	18
Operating System	14
Content Management System	14
Application Server Software	12

Säljare

Not Defined	56
Microsoft	22
Apache	12
Oracle	8
Adobe	6

Produkt

Microsoft Windows	8
Apache HTTP Server	6
Microsoft IIS	4
Google Chrome	4
nginx	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	nginx privilegier eskalering	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00241	CVE-2020-12440
2	Abacus ERP Multi Factor Authentication svag autentisering	7.2	7.0	$0-$5k	Beräknande	Not Defined	Official Fix	0.00	0.00266	CVE-2022-1065
3	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00548	CVE-2017-0055
4	Microsoft Windows Win32k Privilege Escalation	7.2	6.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00137	CVE-2022-21882
5	Apache OFBiz Exception informationsgivning	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00144	CVE-2021-25958
6	BlackBer Protect Message Broker Privilege Escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00	0.00044	CVE-2021-32023
7	Oracle WebLogic Server Core Remote Code Execution	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03	0.00137	CVE-2023-22069
8	Spring Framework JSONP Cross-Domain privilegier eskalering	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00264	CVE-2018-11040
9	ownCloud graphapi GetPhpInfo.php informationsgivning	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.86982	CVE-2023-49103
10	Esri ArcGIS Server sql injektion	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00123	CVE-2021-29114
11	Moment.js kataloggenomgång	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00330	CVE-2022-24785
12	Rapid4 RapidFlows Enterprise Application Builder GetFile.aspx kataloggenomgång	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00071	CVE-2019-11397
13	Apache CXF MTOM Request XOP:Include privilegier eskalering	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.02850	CVE-2022-46364
14	HCL Domino Server MIME Message minneskorruption	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00491	CVE-2020-14244
15	sitepress-multilingual-cms Plugin class-wp-installer.php förfalskning på begäran över webbplatsen	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00427	CVE-2020-10568
16	Dropbear SSH privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.02911	CVE-2016-7406
17	Atlassian JIRA Server/Data Center Email Template Privilege Escalation	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00199	CVE-2021-43947
18	Matrix libolm Session Object olm_session_describe minneskorruption	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00685	CVE-2021-44538
19	Apache Tomcat UTF-8 Decoder förnekande av tjänsten	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.01830	CVE-2018-1336
20	polkit pkexec privilegier eskalering	8.8	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.04	0.00046	CVE-2021-4034

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	159.0.0.0		BistroMath	15/02/2020	verified	Hög
2	159.100.0.0		BistroMath	15/02/2020	verified	Hög
3	XXX.XXX.XXX.X		Xxxxxxxxxx	15/02/2020	verified	Hög
4	XXX.XXX.XXX.X		Xxxxxxxxxx	15/02/2020	verified	Hög
5	XXX.XXX.XXX.XXX		Xxxxxxxxxx	31/03/2022	verified	Hög
6	XXX.XXX.XXX.XXX		Xxxxxxxxxx	15/02/2020	verified	Hög
7	XXX.XXX.XXX.XXX		Xxxxxxxxxx	15/02/2020	verified	Hög
8	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xx.xxxxxxxxxxx.xx	Xxxxxxxxxx	15/02/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	Hög
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	T1059	CWE-94	Argument Injection	predictive	Hög
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
14	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
15	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Hög
16	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
17	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/app/register.php	predictive	Hög
2	File	/etc/cron.d/	predictive	Medium
3	File	/rom-0	predictive	Låg
4	File	/uncpath/	predictive	Medium
5	File	/usr/bin/pkexec	predictive	Hög
6	File	xxxxx/xxxxx.xxx	predictive	Hög
7	File	x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx	predictive	Hög
8	File	xxx.xxx	predictive	Låg
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxx/xxxx/xxx_xxxx.x	predictive	Hög
11	File	xxxxxxx.xxxx	predictive	Medium
12	File	xxxxxxxxxx.xxx	predictive	Hög
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	predictive	Hög
15	File	xxxxx.xxx	predictive	Medium
16	File	xxxxx/xxxxxxxx.x	predictive	Hög
17	File	xxxxxxxxx/xxxxxx.xxxxx.xxx	predictive	Hög
18	File	xxxxxxxx/xxxx?xxxxxx=xx	predictive	Hög
19	File	xxxxx.xxx	predictive	Medium
20	File	xxxxxx.xxx	predictive	Medium
21	File	xxx.xxxxx	predictive	Medium
22	File	xxxx-xxxxx.xxx	predictive	Hög
23	File	xxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
24	File	xxxxxxxx/	predictive	Medium
25	File	~/xxxxxxxxxxxxx.xxx	predictive	Hög
26	Argument	xx	predictive	Låg
27	Argument	xxxxx	predictive	Låg
28	Argument	xx	predictive	Låg
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xxxxx	predictive	Låg
31	Argument	xxxx	predictive	Låg
32	Argument	xxxx	predictive	Låg
33	Argument	xxxxxxxxxxx	predictive	Medium
34	Argument	x_xxxx	predictive	Låg
35	Argument	xxxxxx_xxx	predictive	Medium
36	Argument	xxxxxxxx	predictive	Medium
37	Argument	xxxxx	predictive	Låg
38	Argument	xxxxx/xxxxx	predictive	Medium
39	Argument	xxxxxx	predictive	Låg
40	Argument	xxxxxxxx/xxxx	predictive	Hög
41	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!