Bronze Union Analysis

IOB - Indicator of Behavior (29)

Language

  • zh: 16
  • en: 12
  • es: 2

Country

  • cn: 28
  • us: 2

Product

  • ThinkPHP: 2
  • Cisco ASA: 2
  • Synacor Zimbra Collaboration Suite: 2
  • Oracle MySQL Server: 2
  • Moxiecode TinyMCE Compressor PHP: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | glorylion JFinalOA SysOrg.java SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00148 | CVE-2023-0758 |
| 2 | UJCMS Jspxcms ?new privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00260 | CVE-2022-23329 |
| 3 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00207 | CVE-2023-24897 |
| 4 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00125 | CVE-2023-24895 |
| 5 | Microsoft .NET Framework information disclosure | 5.0 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00050 | CVE-2022-41064 |
| 6 | MyBatis Plus SQL injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2023-25330 |
| 7 | SourceCodester Apartment Visitor Management System action-visitor.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00142 | CVE-2022-2772 |
| 8 | Amcrest IP2M-841B HTTP Endpoint videotalk weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.10144 | CVE-2019-3948 |
| 9 | IBM Cognos Business Intelligence cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00178 | CVE-2012-4835 |
| 10 | Synacor Zimbra Collaboration Suite amavisd public privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.95689 | CVE-2022-41352 |
| 11 | Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php directory traversal | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00639 | CVE-2005-4600 |
| 12 | ArcGIS Server SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00073 | CVE-2021-29099 |
| 13 | Synology DiskStation Manager WebAPI directory traversal | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00109 | CVE-2021-29087 |
| 14 | crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider privilege escalation | 7.5 | 7.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00090 | CVE-2019-15866 |
| 15 | thymeleaf-spring5 Template privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.04766 | CVE-2021-43466 |
| 16 | Hitachi Energy RTU500 Bidirectional Communication Interface denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00090 | CVE-2021-35533 |
| 17 | Tiny Tiny RSS OTP Code weak authentication | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2021-28373 |
| 18 | Tiny Tiny RSS cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2017-1000035 |
| 19 | phpMyAdmin cross-site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.00432 | CVE-2008-2960 |
| 20 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97456 | CVE-2019-9082 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bronze Union

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 3 | File | /videotalk | predictive | Medium |
| 4 | File | xxxxxx-xxxxxxx.xxx | predictive | High |
| 5 | File | xxxx_xxxx.x | predictive | Medium |
| 6 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 7 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxx/xxxxxx/xxxxx/xxxxxx.xxxx | predictive | High |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxx_xxx_xxxx.xxx | predictive | High |
| 10 | Argument | xxxxxx/xxxxxx | predictive | High |
| 11 | Argument | xx | predictive | Low |
| 12 | Argument | xxxx | predictive | Low |
| 13 | Argument | xxxxxxxx | predictive | Medium |
| 14 | Argument | xxx | predictive | Low |
| 15 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 16 | Network Port | xxx xxxxxx xxxx | predictive | High |

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
