Bronze Union Analysis

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	10
zh	10

Country

cn	20

Actors

Bronze Union	2
PassCV	1

Activities

Interest

Timeline

Type

Not Defined	8
Groupware Software	2
Network Attached Storage Software	2
Database Administration Software	2
Router Operating System	2

Vendor

Not Defined	6
Tiny	4
Synacor	2
Synology	2
Google	2

Product

Tiny Tiny RSS	4
Synacor Zimbra Collaboration Suite	2
Synology DiskStation Manager	2
TickFa	2
phpMyAdmin	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	IBM Cognos Business Intelligence cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	High	Official Fix	0.01	0.00178	CVE-2012-4835
2	Synacor Zimbra Collaboration Suite amavisd public unrestricted upload	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.96995	CVE-2022-41352
3	Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php path traversal	6.5	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00450	CVE-2005-4600
4	ArcGIS Server sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00072	CVE-2021-29099
5	Synology DiskStation Manager WebAPI path traversal	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00097	CVE-2021-29087
6	crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider unrestricted upload	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00090	CVE-2019-15866
7	hymeleaf-spring5 Template injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.02265	CVE-2021-43466
8	Hitachi Energy RTU500 Bidirectional Communication Interface denial of service	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00078	CVE-2021-35533
9	Tiny Tiny RSS OTP Code improper authentication	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00079	CVE-2021-28373
10	Tiny Tiny RSS cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00065	CVE-2017-1000035
11	phpMyAdmin cross site scripting	6.3	6.0	$25k-$100k	$0-$5k	High	Official Fix	0.02	0.00432	CVE-2008-2960
12	ThinkPHP input validation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.97473	CVE-2019-9082
13	SonicWALL Email Security Appliance improper authorization	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00510	CVE-2019-7489
14	Palo Alto PAN-OS xml external entity reference	8.1	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00779	CVE-2017-9458
15	D-Link DIR-645 Authentication getcfg.php information disclosure	8.6	8.2	$5k-$25k	$0-$5k	High	Official Fix	0.03	0.00000
16	Oracle MySQL Server DML access control	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00141	CVE-2017-3634
17	Google Monorail cross-site request forgery	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00227	CVE-2018-19334
18	lighttpd Log File http_auth.c injection	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00794	CVE-2015-3200
19	Cisco ASA IKEv1/IKEv2 ikev2_add_rcv_frag memory corruption	9.9	9.4	$100k and more	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.96997	CVE-2016-1287
20	TickFa ticket.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00109	CVE-2015-4676

Campaigns (1)

These are the campaigns that can be associated with the actor:

Bronze Union

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	45.114.9.174		Bronze Union		verified	High
2	96.90.63.57	nleq.com	Bronze Union		verified	High
3	104.130.244.126		TG-3390	Bronze Union	verified	High
4	XXX.XXX.XX.XXX		Xxxxxx Xxxxx		verified	High
5	XXX.XX.XXX.XXX		Xxxxxx Xxxxx		verified	High
6	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High
7	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High
8	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	verified	High
9	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	verified	High
10	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High
11	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High
12	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High
13	XXX.XXX.XXX.XXX		Xxxxxx Xxxxx		verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/getcfg.php	predictive	Medium
2	File	/opt/zimbra/jetty/webapps/zimbra/public	predictive	High
3	File	xxxx_xxxx.x	predictive	Medium
4	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	High
5	File	xxxxxx.xxx	predictive	Medium
6	File	xxxx_xxx_xxxx.xxx	predictive	High
7	Argument	xxxx	predictive	Low
8	Argument	xxxxxxxx	predictive	Medium
9	Argument	xxx	predictive	Low
10	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	High
11	Network Port	xxx xxxxxx xxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!