Bronze Butler Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Sprache

en	18
de	2

Land

us	10
jp	4
cn	4
kr	2

Akteure

Daserf	1
Winnti	1
Bronze Butler	1
APT41	1

Interesse

Typ

Not Defined	8
Content Management System	4
Web Browser	2
JavaScript Library	2
Operating System	2

Hersteller

Not Defined	8
Microsoft	2
Shenzhen Yunni Technology	2
Hisilicon	2
Apple	2

Produkt

WordPress	4
Microsoft Internet Explorer	2
Shenzhen Yunni Technology iLnkP2P	2
Node.js	2
Hisilicon HI3510	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Coremail Document Attachment Cross Site Scripting	5.2	5.2	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00120	CVE-2015-6942
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	Webmin Cross Site Scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00118	CVE-2017-2106
4	Webmin Login Form miniserv.pl Denial of Service	7.3	6.6	$0-$5k	Wird berechnet	Proof-of-Concept	Official Fix	0.00	0.03978	CVE-2005-3912
5	ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference Directory Traversal	6.2	6.0	$0-$5k	Wird berechnet	Not Defined	Workaround	0.00	0.00044	CVE-2018-15490
6	Shenzhen Yunni Technology iLnkP2P UID Generator Random schwache Verschlüsselung	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00176	CVE-2019-11219
7	Shenzhen Yunni Technology iLnkP2P Authentication schwache Authentisierung	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00669	CVE-2019-11220
8	Hisilicon HI3510 Web Management Portal Credentials erweiterte Rechte	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00104	CVE-2019-10710
9	Hisilicon HI3510 RTSP Stream/Web Portal erweiterte Rechte	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.00168	CVE-2019-10711
10	WordPress URL Validator Redirect	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00509	CVE-2018-10101
11	WordPress Password Reset wp-login.php mail erweiterte Rechte	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02827	CVE-2017-8295
12	WordPress Admin Shell erweiterte Rechte	7.3	6.6	$25k-$100k	$0-$5k	Functional	Workaround	0.03	0.00000
13	My Link Trader out.php SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00000
14	Apple macOS AppleSMC Denial of Service	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00045	CVE-2016-4678
15	Node.js ServerResponse#writeHead Split erweiterte Rechte	6.1	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00437	CVE-2016-5325
16	Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark Information Disclosure	5.3	4.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00000
17	IBM Java Virtual Machine Information Disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00786	CVE-2015-1914

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	27.255.69.209		Bronze Butler	16.12.2020	verifiziert	High
2	27.255.91.238		Bronze Butler	16.12.2020	verifiziert	High
3	XXX.XXX.X.XX		Xxxxxx Xxxxxx	16.12.2020	verifiziert	High
4	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxx	16.12.2020	verifiziert	High
5	XXX.XX.XXX.XXX	xxx-xxx-xxxxx.xx.xxxxxx.xx.xx	Xxxxxx Xxxxxx	16.12.2020	verifiziert	High
6	XXX.XXX.XXX.XX		Xxxxxx Xxxxxx	16.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059.007	CWE-79	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/out.php	prädiktiv	Medium
2	File	data/gbconfiguration.dat	prädiktiv	High
3	File	xxxxxxxx.xx	prädiktiv	Medium
4	File	xx-xxxxx.xxx	prädiktiv	Medium
5	File	xxxxx.xxx	prädiktiv	Medium
6	Library	xxxxxxxx.xxx	prädiktiv	Medium
7	Argument	xxxx	prädiktiv	Low
8	Argument	xx	prädiktiv	Low
9	Argument	xxxxxx	prädiktiv	Low
10	Argument	xxxxxxxx	prädiktiv	Medium
11	Network Port	xxx/xxxx	prädiktiv	Medium

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!