Bifrost Analysis

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 32
zh: 4
es: 2
fr: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 4
radare2: 2
JDOM: 2
GLPI: 2
Mattermost Server: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel TCP Stack resource management | 6.4 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03585 | 0.03 | CVE-2017-5972 |
| 2 | ZoneMinder Language Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38401 | 0.08 | CVE-2022-29806 |
| 3 | Apache CXF Fediz OIDC Service cross-site request forgery | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.00 | CVE-2017-7662 |
| 4 | PHPList Subscription sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00152 | 0.06 | CVE-2017-20032 |
| 5 | PHPList Sending Campaign sql injection | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00088 | 0.06 | CVE-2017-20030 |
| 6 | Digium Asterisk RTP resource consumption | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 7 | Gradle Enterprise support-bundle information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2022-41575 |
| 8 | ZoneMinder Snapshot Action shell_exec authorization | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96928 | 0.03 | CVE-2023-26035 |
| 9 | Microsoft Windows Imaging Library memory corruption | 7.3 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02009 | 0.00 | CVE-2020-0708 |
| 10 | Mattermost Server Password Reset improper authentication | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2023-3591 |
| 11 | y_project RuoYi File Upload uploadFilesPath cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.08 | CVE-2023-3815 |
| 12 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.87410 | 0.04 | CVE-2017-5487 |
| 13 | JDOM SAXBuilder denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00480 | 0.00 | CVE-2021-33813 |
| 14 | Microsoft Windows Point-to-Point Protocol Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.40009 | 0.02 | CVE-2022-35744 |
| 15 | avada Theme Stored cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2017-18606 |
| 16 | mxBB Kb Mods file inclusion | 9.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01573 | 0.00 | CVE-2006-6567 |
| 17 | WordPress Access Restriction user-new.php access control | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 18 | Cisco Industrial Network Director Web Interface Reflected cross site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.00 | CVE-2017-6675 |
| 19 | radare2 DEX File config.c r_config_set use after free | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2017-9520 |
| 20 | Schneider Electric SoMachine HVAC DLL Loader access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01128 | 0.00 | CVE-2017-7966 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /lists/admin/ | predictive | High |
| 2 | File | convert.c | predictive | Medium |
| 3 | File | inc/autoload.function.php | predictive | High |
| 4 | File | xxxxxx/xxxxx/xxxx_xxxxxx.x | predictive | High |
| 5 | File | xxxx/xxxxxx/xxxxxx.x | predictive | High |
| 6 | File | xxxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxxxxxxx.xx | predictive | High |
| 8 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | High |
| 9 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High |
| 10 | Argument | xxxxxxxxxx | predictive | Medium |
| 11 | Argument | xxxxxxxx | predictive | Medium |
| 12 | Argument | xxxxxx_xxxx_xxxx | predictive | High |
| 13 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 14 | Argument | xxx_xxxxxxxxx_xxxxxxx_xxxx | predictive | High |
| 15 | Input Value | .._ | predictive | Low |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
