Bronze Butler تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

التسلسل الزمني

اللغة

en20

البلد

cn10
kr6
jp2
us2

الفاعلين

Daserf1
Winnti1
Bronze Butler1
APT411

النشاطات

الاهتمام

التسلسل الزمني

النوع

Content Management System4
Not Defined4
Programming Language Software2
Software Management Software2
JavaScript Library2

المجهز

Not Defined8
Hisilicon2
IBM2
Apple2
Microsoft2

منتج

WordPress4
Hisilicon HI35102
Hisilicon HI35182
Hisilicon LOOSAFE2
Hisilicon LEVCOECAM2

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1Coremail Document Attachment سكربتات مشتركة5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00120CVE-2015-6942
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
3Webmin سكربتات مشتركة5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00118CVE-2017-2106
4Webmin Login Form miniserv.pl الحرمان من الخدمة7.36.6$0-$5kجاري الحسابProof-of-ConceptOfficial Fix0.000.03978CVE-2005-3912
5ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference اجتياز الدليل6.26.0$0-$5kجاري الحسابNot DefinedWorkaround0.000.00044CVE-2018-15490
6Shenzhen Yunni Technology iLnkP2P UID Generator Random تشفير ضعيف7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.020.00176CVE-2019-11219
7Shenzhen Yunni Technology iLnkP2P Authentication توثيق ضعيف7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.040.00669CVE-2019-11220
8Hisilicon HI3510 Web Management Portal Credentials تجاوز الصلاحيات6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00104CVE-2019-10710
9Hisilicon HI3510 RTSP Stream/Web Portal تجاوز الصلاحيات6.46.3$0-$5k$0-$5kNot DefinedWorkaround0.000.00168CVE-2019-10711
10WordPress URL Validator Redirect6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00509CVE-2018-10101
11WordPress Password Reset wp-login.php mail تجاوز الصلاحيات6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000.02827CVE-2017-8295
12WordPress Admin Shell تجاوز الصلاحيات7.36.6$25k-$100k$0-$5kFunctionalWorkaround0.030.00000
13My Link Trader out.php حقن إس كيو إل6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00000
14Apple macOS AppleSMC الحرمان من الخدمة7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00045CVE-2016-4678
15Node.js ServerResponse#writeHead Split تجاوز الصلاحيات6.15.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00437CVE-2016-5325
16Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark الكشف عن المعلومات5.34.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.00000
17IBM Java Virtual Machine الكشف عن المعلومات5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00786CVE-2015-1914

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDعنوان بروتوكول الإنترنتHostnameممثلحملاتIdentifiedالنوعالثقة
127.255.69.209Bronze Butler16/12/2020verifiedعالي
227.255.91.238Bronze Butler16/12/2020verifiedعالي
3XXX.XXX.X.XXXxxxxx Xxxxxx16/12/2020verifiedعالي
4XXX.XXX.XXX.XXXXxxxxx Xxxxxx16/12/2020verifiedعالي
5XXX.XX.XXX.XXXxxx-xxx-xxxxx.xx.xxxxxx.xx.xxXxxxxx Xxxxxx16/12/2020verifiedعالي
6XXX.XXX.XXX.XXXxxxxx Xxxxxx16/12/2020verifiedعالي

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1006CWE-22Path Traversalpredictiveعالي
2T1059.007CWE-79Cross Site Scriptingpredictiveعالي
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
4TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictiveعالي
5TXXXXCWE-XXXXxxxxxxxxx Xxxxxxpredictiveعالي
6TXXXXCWE-XXXxx Xxxxxxxxxpredictiveعالي
7TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictiveعالي
9TXXXXCWE-XXXXxxxxxxxxxxxx Xxxxxxpredictiveعالي

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1File/out.phppredictiveمتوسط
2Filedata/gbconfiguration.datpredictiveعالي
3Filexxxxxxxx.xxpredictiveمتوسط
4Filexx-xxxxx.xxxpredictiveمتوسط
5Filexxxxx.xxxpredictiveمتوسط
6Libraryxxxxxxxx.xxxpredictiveمتوسط
7Argumentxxxxpredictiveواطئ
8Argumentxxpredictiveواطئ
9Argumentxxxxxxpredictiveواطئ
10Argumentxxxxxxxxpredictiveمتوسط
11Network Portxxx/xxxxpredictiveمتوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي نظرة عامة السابق

Do you need the next level of professionalism?

Upgrade your account now!