Bronze Union Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Sprache

zh	16
en	14

Land

cn	28
us	2

Akteure

Bronze Union	2
Winnti	1

Interesse

Typ

Not Defined	16
Firewall Software	2
Router Operating System	2
Database Software	2
Groupware Software	2

Hersteller

Not Defined	6
Palo Alto	2
D-Link	2
Oracle	2
Hitachi Energy	2

Produkt

ArcGIS Server	2
Palo Alto PAN-OS	2
TickFa	2
D-Link DIR-645	2
Oracle MySQL Server	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	glorylion JFinalOA SysOrg.java SQL Injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00148	CVE-2023-0758
2	UJCMS Jspxcms ?new erweiterte Rechte	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00260	CVE-2022-23329
3	Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution	8.1	7.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00207	CVE-2023-24897
4	Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution	8.1	7.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00125	CVE-2023-24895
5	Microsoft .NET Framework Information Disclosure	5.0	4.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00050	CVE-2022-41064
6	MyBatis Plus SQL Injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00073	CVE-2023-25330
7	SourceCodester Apartment Visitor Management System action-visitor.php SQL Injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00142	CVE-2022-2772
8	Amcrest IP2M-841B HTTP Endpoint videotalk schwache Authentisierung	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.10144	CVE-2019-3948
9	IBM Cognos Business Intelligence Cross Site Scripting	4.3	4.1	$5k-$25k	Wird berechnet	High	Official Fix	0.00	0.00178	CVE-2012-4835
10	Synacor Zimbra Collaboration Suite amavisd public erweiterte Rechte	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.95689	CVE-2022-41352
11	Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php Directory Traversal	6.5	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00639	CVE-2005-4600
12	ArcGIS Server SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00073	CVE-2021-29099
13	Synology DiskStation Manager WebAPI Directory Traversal	7.3	7.0	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00109	CVE-2021-29087
14	crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider erweiterte Rechte	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00090	CVE-2019-15866
15	hymeleaf-spring5 Template erweiterte Rechte	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.04766	CVE-2021-43466
16	Hitachi Energy RTU500 Bidirectional Communication Interface Denial of Service	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00090	CVE-2021-35533
17	Tiny Tiny RSS OTP Code schwache Authentisierung	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00090	CVE-2021-28373
18	Tiny Tiny RSS Cross Site Scripting	5.2	5.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00089	CVE-2017-1000035
19	phpMyAdmin unspezifizierte Cross-Site Scripting Schwachstelle	6.3	6.0	$25k-$100k	$0-$5k	High	Official Fix	0.00	0.00432	CVE-2008-2960
20	ThinkPHP erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.97456	CVE-2019-9082

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Bronze Union

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	45.114.9.174		TG-3390	Bronze Union	20.12.2020	verifiziert	High
2	96.90.63.57	nleq.com	TG-3390	Bronze Union	20.12.2020	verifiziert	High
3	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
4	XXX.XXX.XX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
5	XXX.XX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
6	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
7	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
8	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High
9	XXX.XXX.XXX.XXX		Xx-xxxx	Xxxxxx Xxxxx	20.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/getcfg.php	prädiktiv	Medium
2	File	/opt/zimbra/jetty/webapps/zimbra/public	prädiktiv	High
3	File	/videotalk	prädiktiv	Medium
4	File	xxxxxx-xxxxxxx.xxx	prädiktiv	High
5	File	xxxx_xxxx.x	prädiktiv	Medium
6	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	prädiktiv	High
7	File	xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxx/xxxxxx/xxxxx/xxxxxx.xxxx	prädiktiv	High
8	File	xxxxxx.xxx	prädiktiv	Medium
9	File	xxxx_xxx_xxxx.xxx	prädiktiv	High
10	Argument	xxxxxx/xxxxxx	prädiktiv	High
11	Argument	xx	prädiktiv	Low
12	Argument	xxxx	prädiktiv	Low
13	Argument	xxxxxxxx	prädiktiv	Medium
14	Argument	xxx	prädiktiv	Low
15	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	prädiktiv	High
16	Network Port	xxx xxxxxx xxxx	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!