Bookworm Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	16
zh	4

Country

cn	10
us	8
kr	2

Actors

Bookworm	2
Cobalt Strike	1

Activities

Interest

Timeline

Type

Not Defined	8
Multimedia Player Software	4
Photo Gallery Software	2
Forum Software	2
Virtualization Software	2

Vendor

Not Defined	6
Adobe	4
Magnifica	2
Shenzhen Yunni Technology	2
Fabrice Bellard	2

Product

Adobe Flash Player	4
strapi	2
Magnifica Webscripts Anima Gallery	2
jforum	2
PHPMyWind	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Microsoft Windows Kerberos authentication spoofing	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.00048	CVE-2024-20674
2	Google Chrome ANGLE heap-based overflow	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.06	0.00157	CVE-2024-0223
3	Oracle Agile Product Lifecycle Management for Process Installation Remote Code Execution	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00046	CVE-2024-20956
4	Oracle Audit Vault and Database Firewall unknown vulnerability	7.5	7.2	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.02	0.00048	CVE-2024-20909
5	JForum Login input validation	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00151	CVE-2012-5338
6	strapi Admin Console resource consumption	3.8	3.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00079	CVE-2020-8123
7	strapi Password Reset Auth.js password recovery	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.89298	CVE-2019-18818
8	FiberHome HG2201T telnet.cgi input validation	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00609	CVE-2019-17186
9	jforum User input validation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00289	CVE-2019-7550
10	Shenzhen Yunni Technology iLnkP2P Authentication improper authentication	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00669	CVE-2019-11220
11	FileZilla Filezilla Server File Upload infinite loop	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00159	CVE-2005-0851
12	PHPMyWind index.php Stored cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00087	CVE-2019-7660
13	Apple macOS Kernel information disclosure	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00099	CVE-2017-13852
14	VMware ESXi/Workstation Pro/Player/Fusion Pro/Fusion information disclosure	5.7	5.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01	0.00062	CVE-2017-4905
15	VMware Workstation/Fusion Drag/Drop memory corruption	9.6	8.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00400	CVE-2017-4901
16	Adobe Flash Player memory corruption	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.01399	CVE-2017-3099
17	Adobe Flash Player type conversion	7.5	6.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.27750	CVE-2017-3106
18	Fabrice Bellard QEMU cirrus_vga.c memory corruption	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00100	CVE-2014-8106
19	Magnifica Webscripts Anima Gallery func.php path traversal	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00383	CVE-2015-4415

Campaigns (1)

These are the campaigns that can be associated with the actor:

Thailand

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	43.248.8.249		Bookworm	Thailand	09/02/2021	verified	High
2	103.226.127.47		Bookworm	Thailand	09/02/2021	verified	High
3	104.156.239.105	104.156.239.105.vultr.com	Bookworm	Thailand	09/02/2021	verified	Medium
4	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
5	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
6	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
7	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
8	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
9	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
10	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High
11	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	09/02/2021	verified	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
3	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/install/index.php	predictive	High
2	File	/var/WEB-GUI/cgi-bin/telnet.cgi	predictive	High
3	File	xxxxxx_xxx.x	predictive	Medium
4	File	xxxx.xxx	predictive	Medium
5	File	xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx	predictive	High
6	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
7	Argument	xxxxxxxxxx	predictive	Medium
8	Argument	xxxxx/xxxx	predictive	Medium
9	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!