Bookworm Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en14
zh8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China16
US: USA4
KR: South Korea2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Bookworm3
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Virtualization Software4
Firewall Software2
File Transfer Software2
Web Browser2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Oracle4
Fabrice Bellard2
FileZilla2
Google2
Not Defined2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Oracle Audit Vault and Database Firewall2
Fabrice Bellard QEMU2
FileZilla Filezilla Server2
Oracle Agile Product Lifecycle Management for Proc ...2
Google Chrome2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Python urllib.parse input validation6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001000.04CVE-2023-24329
2Plesk Obsidian Login Page injection5.85.7$0-$5k$0-$5kNot DefinedNot Defined0.002160.04CVE-2023-24044
3Hitachi Vantara Pentaho Data Integration & Analytics Tomcat unknown vulnerability5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.04CVE-2023-5617
4Microsoft Windows Kerberos authentication spoofing8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.002140.04CVE-2024-20674
5Google Chrome ANGLE heap-based overflow7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001570.05CVE-2024-0223
6Oracle Agile Product Lifecycle Management for Process Installation Remote Code Execution7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2024-20956
7Oracle Audit Vault and Database Firewall unknown vulnerability7.57.2$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000480.03CVE-2024-20909
8JForum Login input validation6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001570.05CVE-2012-5338
9strapi Admin Console resource consumption3.83.8$0-$5k$0-$5kNot DefinedNot Defined0.000790.00CVE-2020-8123
10strapi Password Reset Auth.js password recovery9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.888990.05CVE-2019-18818
11FiberHome HG2201T telnet.cgi input validation8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.006090.00CVE-2019-17186
12jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
13Shenzhen Yunni Technology iLnkP2P Authentication improper authentication7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.006690.05CVE-2019-11220
14FileZilla Filezilla Server File Upload infinite loop5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001590.04CVE-2005-0851
15PHPMyWind index.php Stored cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2019-7660
16Apple macOS Kernel information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2017-13852
17VMware ESXi/Workstation Pro/Player/Fusion Pro/Fusion information disclosure5.75.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000620.05CVE-2017-4905
18VMware Workstation/Fusion Drag/Drop memory corruption9.68.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004000.00CVE-2017-4901
19Adobe Flash Player memory corruption8.07.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.013990.00CVE-2017-3099
20Adobe Flash Player type conversion7.56.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.368140.00CVE-2017-3106

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Thailand

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
143.248.8.249BookwormThailand09/02/2021verifiedMedium
2103.226.127.47BookwormThailand09/02/2021verifiedMedium
3104.156.239.105104.156.239.105.vultr.comBookwormThailand09/02/2021verifiedLow
4XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
5XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
6XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
7XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
8XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
9XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
10XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium
11XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx09/02/2021verifiedMedium

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2TXXXXCAPEC-10CWE-XXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx XxxxxxxxxxxpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/install/index.phppredictiveHigh
2File/var/WEB-GUI/cgi-bin/telnet.cgipredictiveHigh
3Filexxxxxx_xxx.xpredictiveMedium
4Filexxxx.xxxpredictiveMedium
5Filexxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xxpredictiveHigh
6Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
7ArgumentxxxxpredictiveLow
8ArgumentxxxxxxxxxxpredictiveMedium
9Argumentxxxxx/xxxxpredictiveMedium
10ArgumentxxxxxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!