Bronze Union Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (32)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

zh22
en6
ru2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China30
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Bronze Union2
Winnti1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Programming Tool Software2
Programming Language Software2
JavaScript Library2
Database Administration Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined10
Microsoft4
glorylion2
Amcrest2
UJCMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft .NET Framework4
hymeleaf-spring52
Microsoft .NET2
Microsoft Visual Studio2
ArcGIS Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1glorylion JFinalOA SysOrg.java sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000520.05CVE-2023-0758
2qBittorrent Client Web User Interface hard-coded credentials8.58.4$0-$5k$0-$5kNot definedNot defined 0.003730.05CVE-2023-30801
3MainWP Matomo Extension Plugin cross-site request forgery5.85.8$0-$5k$0-$5kNot definedNot defined 0.000700.00CVE-2023-23659
4Moment.js path traversal6.96.7$0-$5k$0-$5kNot definedOfficial fix 0.004560.42CVE-2022-24785
5UJCMS Jspxcms ?new unrestricted upload7.67.6$0-$5k$0-$5kNot definedNot defined 0.039900.00CVE-2022-23329
6Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution8.17.4$5k-$25k$0-$5kUnprovenOfficial fix 0.022680.00CVE-2023-24897
7Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution8.17.4$5k-$25k$0-$5kUnprovenOfficial fix 0.009020.02CVE-2023-24895
8Microsoft .NET Framework information disclosure5.04.7$5k-$25k$0-$5kUnprovenOfficial fix 0.000760.00CVE-2022-41064
9MyBatis Plus sql injection8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.007060.07CVE-2023-25330
10SourceCodester Apartment Visitor Management System action-visitor.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000410.06CVE-2022-2772
11Amcrest IP2M-841B HTTP Endpoint videotalk improper authentication7.47.0$0-$5k$0-$5kProof-of-ConceptNot definedpossible0.425100.03CVE-2019-3948
12IBM Cognos Business Intelligence cross site scripting4.34.1$5k-$25k$0-$5kHighOfficial fix 0.002290.00CVE-2012-4835
13Synacor Zimbra Collaboration Suite amavisd public unrestricted upload8.48.4$0-$5k$0-$5kHighNot definedverified0.783540.01CVE-2022-41352
14Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php path traversal6.55.9$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.124110.06CVE-2005-4600
15ArcGIS Server sql injection7.37.3$0-$5k$0-$5kNot definedNot defined 0.003850.07CVE-2021-29099
16Synology DiskStation Manager WebAPI path traversal7.37.0$0-$5k$0-$5kNot definedOfficial fix 0.003310.00CVE-2021-29087
17crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider unrestricted upload7.57.4$0-$5k$0-$5kNot definedOfficial fix 0.006560.00CVE-2019-15866
18hymeleaf-spring5 Template injection6.36.3$0-$5k$0-$5kNot definedNot defined 0.039740.06CVE-2021-43466
19Hitachi Energy RTU500 Bidirectional Communication Interface denial of service6.46.4$0-$5k$0-$5kNot definedNot defined 0.005520.00CVE-2021-35533
20Tiny Tiny RSS OTP Code improper authentication6.05.8$0-$5k$0-$5kNot definedOfficial fix 0.001470.00CVE-2021-28373

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bronze Union

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.114.9.174TG-3390Bronze Union12/20/2020verifiedLow
296.90.63.57nleq.comTG-3390Bronze Union12/20/2020verifiedLow
3XXX.XXX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
4XXX.XXX.XX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
5XXX.XX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
6XXX.XXX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
7XXX.XXX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
8XXX.XXX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow
9XXX.XXX.XXX.XXXXx-xxxxXxxxxx Xxxxx12/20/2020verifiedLow

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/getcfg.phppredictiveMedium
2File/opt/zimbra/jetty/webapps/zimbra/publicpredictiveHigh
3File/videotalkpredictiveMedium
4Filexxxxxx-xxxxxxx.xxxpredictiveHigh
5Filexxxx_xxxx.xpredictiveMedium
6Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
7Filexxx/xxxx/xxxx/xxx/xxxxxxxxx/xxx/xxxxxx/xxxxx/xxxxxx.xxxxpredictiveHigh
8Filexxxxxx.xxxpredictiveMedium
9Filexxxx_xxx_xxxx.xxxpredictiveHigh
10Argumentxxxxxx/xxxxxxpredictiveHigh
11ArgumentxxpredictiveLow
12ArgumentxxxxpredictiveLow
13ArgumentxxxxxxxxpredictiveMedium
14ArgumentxxxpredictiveLow
15Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
16Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!