Bronze Union Analysis

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 10
zh: 10


Country

cn: 20

Product

Tiny Tiny RSS: 4
Synacor Zimbra Collaboration Suite: 2
Synology DiskStation Manager: 2
TickFa: 2
phpMyAdmin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | IBM Cognos Business Intelligence cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.01 | 0.00178 | CVE-2012-4835 |
| 2 | Synacor Zimbra Collaboration Suite amavisd public unrestricted upload | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.96995 | CVE-2022-41352 |
| 3 | Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php path traversal | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00450 | CVE-2005-4600 |
| 4 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00072 | CVE-2021-29099 |
| 5 | Synology DiskStation Manager WebAPI path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00097 | CVE-2021-29087 |
| 6 | crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider unrestricted upload | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2019-15866 |
| 7 | thymeleaf-spring5 Template injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02265 | CVE-2021-43466 |
| 8 | Hitachi Energy RTU500 Bidirectional Communication Interface denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00078 | CVE-2021-35533 |
| 9 | Tiny Tiny RSS OTP Code improper authentication | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00079 | CVE-2021-28373 |
| 10 | Tiny Tiny RSS cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00065 | CVE-2017-1000035 |
| 11 | phpMyAdmin cross site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.00432 | CVE-2008-2960 |
| 12 | ThinkPHP input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97473 | CVE-2019-9082 |
| 13 | SonicWALL Email Security Appliance improper authorization | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00510 | CVE-2019-7489 |
| 14 | Palo Alto PAN-OS xml external entity reference | 8.1 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00779 | CVE-2017-9458 |
| 15 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.00000 | |
| 16 | Oracle MySQL Server DML access control | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00141 | CVE-2017-3634 |
| 17 | Google Monorail cross-site request forgery | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00227 | CVE-2018-19334 |
| 18 | lighttpd Log File http_auth.c injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00794 | CVE-2015-3200 |
| 19 | Cisco ASA IKEv1/IKEv2 ikev2_add_rcv_frag memory corruption | 9.9 | 9.4 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.96997 | CVE-2016-1287 |
| 20 | TickFa ticket.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2015-4676 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bronze Union

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 3 | File | xxxx_xxxx.x | predictive | Medium |
| 4 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 5 | File | xxxxxx.xxx | predictive | Medium |
| 6 | File | xxxx_xxx_xxxx.xxx | predictive | High |
| 7 | Argument | xxxx | predictive | Low |
| 8 | Argument | xxxxxxxx | predictive | Medium |
| 9 | Argument | xxx | predictive | Low |
| 10 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 11 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
