Bronze Starlight Analysis

IOB - Indicator of Behavior (89)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (52)
zh (24)
ru (6)
ja (4)
es (2)


Country

(chart not available in this view)

Actors

(chart not available in this view)

Activities

Interest, Timeline, Type, Vendor

(charts not available in this view)

Product

Linux Kernel (6)
PHP (4)
Apache Kafka (4)
Microsoft Windows (4)
4images Image Gallery Management System (2)


Vulnerabilities

Column legend: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploit availability (Unproven, Proof-of-Concept, High); Rem is the remediation status; EPSS is the exploit prediction score; CTI is the threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.09 | -
2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.86 | CVE-2022-28959
3 | Joomla CMS sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.03 | CVE-2019-19846
4 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.97243 | 0.02 | CVE-2022-40684
5 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01525 | 0.13 | CVE-2007-1287
6 | Palo Alto PAN-OS GlobalProtect Gateway improper authorization | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00324 | 0.02 | CVE-2020-2050
7 | OpenClinic test_new.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2020-28939
8 | contact-form-7 Plugin register_post_type access control | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2018-20979
9 | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00084 | 0.18 | CVE-2024-11676
10 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00448 | 0.10 | CVE-2010-5048
11 | AdminLTE index2.html path traversal | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00313 | 0.05 | CVE-2021-36471
12 | AdminLTE phpqueryads.php access control | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01761 | 0.06 | CVE-2022-23513
13 | Microsoft Windows CD-ROM Driver Privilege Escalation | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00153 | 0.00 | CVE-2022-24455
14 | Apple Xcode Git access control | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2022-24765
15 | SRS Simple Hits Counter Plugin sql injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00338 | 0.00 | CVE-2020-5766
16 | PrestaShop sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.93370 | 0.02 | CVE-2021-3110
17 | Qualcomm Snapdragon Auto Metadata Size integer overflow | 8.4 | 8.2 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00053 | 0.04 | CVE-2024-33035
18 | Linux Kernel f2fs release_compress_blocks Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-34027
19 | Linux Kernel a key past its expiration date | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2024-36031
20 | Linux Kernel ksmbd Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-26594

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise list the associated network resources known to be part of research and attack activities. Rows shown with X/x placeholders are redacted in this view.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.32.101.191 | 45.32.101.191.vultrusercontent.com | Bronze Starlight | HUI Loader | 06/28/2022 | verified | Low
2 | XX.XX.XXX.XXX | - | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 06/28/2022 | verified | Medium
3 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 06/28/2022 | verified | Low

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. The 13 techniques are not listed in this view.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Rows shown with x placeholders are redacted in this view; the unmasked File entries correspond to the AdminLTE (index2.html, phpqueryads.php) and CodeAstro Hospital Management System (his_admin_add_lab_equipment.php) vulnerabilities listed above.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/index2.html | predictive | High
2 | File | /admin/scripts/pi-hole/phpqueryads.php | predictive | High
3 | File | /api/database | predictive | High
4 | File | /backend/admin/his_admin_add_lab_equipment.php | predictive | High
5 | File | /xx-xxxxxxx/xxxxxx/xxxxxx.xxx | predictive | High
6 | File | /xxxx/xxx/xxx-xxx/xxxxxxxxxxx.xxx | predictive | High
7 | File | /xxxx.xxx | predictive | Medium
8 | File | xxx/xxxxxx_xxxx_xxxxxx.xxx | predictive | High
9 | File | xxxxx.xxxxxxxxx.xxx | predictive | High
10 | File | xxxxxxx.xx | predictive | Medium
11 | File | xxxxxxxx_xxxxxxx.xxx | predictive | High
12 | File | xxxx-xxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx | predictive | High
15 | File | xxxxx.xxxx | predictive | Medium
16 | File | xxxxxxx/xxxx_xxx.xxx | predictive | High
17 | File | xxxx.xxx | predictive | Medium
18 | File | xxxx.xx | predictive | Low
19 | File | \xxxxx\xxxxxxxxxx\xxxxxxx | predictive | High
20 | File | _xxxxxxxx/xxxx?xxxx | predictive | High
21 | Argument | xxxxxxxxxx_xxxx | predictive | High
22 | Argument | xx_xxxxx | predictive | Medium
23 | Argument | xxx | predictive | Low
24 | Argument | xxxxxxx | predictive | Low
25 | Argument | xxx_xxxx/xxx_xxxx/xxx_xxxxxx/xxx_xxxx/xxx_xxxx/xxx_xxxxxx/xxx_xxx | predictive | High
26 | Argument | xx_xxxxxxxx | predictive | Medium
27 | Argument | xxxx | predictive | Low
28 | Argument | xxxxxxxxxxx | predictive | Medium
29 | Argument | xxxxxxxx | predictive | Medium
30 | Input Value | xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) -- | predictive | High
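The following is an added example of how the unmasked indicators from the IOC and IOA tables above can be hunted for in web server access logs; it is not tooling from this page or its vendor. It assumes Apache/nginx "combined" log format (the regex and the sample log lines are constructed for the example). The indicators it carries are exactly the four unmasked IOA File entries and the one unmasked IOC IP address. It normalizes the request path before matching (query string stripped, percent-encoding decoded, duplicate slashes and dot segments removed) so that trivial evasions such as /admin//../admin/... or /api/%64atabase?file=... still trigger, and it matches on the indicator's tail so an application deployed under a sub-directory is still caught. Double percent-encoding and non-UTF-8 paths are not handled.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, unquote

# Indicators copied from this page: the four unmasked IOA "File" entries
# (IOA rows 1-4) and the single unmasked IOC (IOC row 1).
IOA_FILES = (
    "/admin/index2.html",
    "/admin/scripts/pi-hole/phpqueryads.php",
    "/api/database",
    "/backend/admin/his_admin_add_lab_equipment.php",
)
IOC_IPS = {"45.32.101.191"}

# Assumed input format: Apache/nginx "combined" access log.
# This regex and the whole script are an added example, not vendor tooling.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    path: str
    reasons: tuple


def normalize_path(target: str) -> str:
    """Reduce a request target to a canonical path so that a query string,
    percent-encoding, doubled slashes or dot segments cannot hide an indicator."""
    path = unquote(urlsplit(target).path)
    parts = []
    for seg in path.split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg and seg != ".":
            parts.append(seg)
    return "/" + "/".join(parts)


def check_line(line: str):
    """Return a Hit if the line touches a known indicator, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # unparseable line: skipped here, a real pipeline should count these
    ip, path = m["ip"], normalize_path(m["target"]).lower()
    reasons = []
    if ip in IOC_IPS:
        reasons.append("source IP is a listed IOC")
    # Tail match: the same application may live under a sub-path (e.g. /cms/backend/...),
    # so anchor on the indicator's tail rather than on the web root. Each indicator starts
    # with "/", so "/xadmin/index2.html" does not match "/admin/index2.html".
    for ioa in IOA_FILES:
        if path.endswith(ioa):
            reasons.append(f"request path matches IOA file {ioa}")
            break
    return Hit(ip, path, tuple(reasons)) if reasons else None


def scan(lines):
    """Run check_line over an iterable of log lines and return the hits in order."""
    return [h for h in (check_line(line) for line in lines) if h is not None]


# Constructed sample log lines (not real traffic): a benign request, a request from the
# listed IOC IP to an IOA path, an IOA path under a sub-directory, a dot-segment evasion,
# an indicator hidden behind percent-encoding and a query string, and a malformed line.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jun/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '45.32.101.191 - - [28/Jun/2022:10:00:02 +0000] "GET /admin/index2.html HTTP/1.1" 200 2048 "-" "curl/7.68.0"',
    '198.51.100.7 - - [28/Jun/2022:10:00:03 +0000] "POST /cms/backend/admin/his_admin_add_lab_equipment.php HTTP/1.1" 302 0 "-" "python-requests/2.28"',
    '198.51.100.7 - - [28/Jun/2022:10:00:04 +0000] "GET /admin//../admin/scripts/pi-hole/phpqueryads.php HTTP/1.1" 403 199 "-" "curl/7.68.0"',
    '198.51.100.7 - - [28/Jun/2022:10:00:05 +0000] "GET /api/%64atabase?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 500 0 "-" "curl/7.68.0"',
    "garbage line that is not an access log entry",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit.ip, hit.path, "; ".join(hit.reasons))
```

On the constructed sample the scan reports four hits and silently drops the malformed line; in production, count parse failures, since an attacker who can break your log format can also hide in it.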

References (2)

The following list contains external sources which discuss the actor and the associated activities; the two entries are not included in this view (CTI permissions required).