Bronze Starlight Analysis

IOB - Indicator of Behavior (72)

Language

en: 50
zh: 12
ru: 4
fr: 4
de: 2

Country

us: 42
cn: 20
ru: 6
vn: 2
ir: 2

Product

PHP: 6
D-Link DIR-878: 4
Seafile Server: 2
Seafile Server Professional Edition: 2
4images Image Gallery Management System: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | EPSS | CTI | CVE
--|---------------|------|------|------|-------|----------------|----------------|------|-----|----
1 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | -
2 | Joomla CMS sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.04 | CVE-2019-19846
3 | Fortinet FortiOS/FortiProxy Administrative Interface weak authentication | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.97169 | 0.00 | CVE-2022-40684
4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.03 | CVE-2007-1287
5 | Palo Alto PAN-OS GlobalProtect Gateway privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00238 | 0.02 | CVE-2020-2050
6 | OpenClinic test_new.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2020-28939
7 | contact-form-7 Plugin register_post_type privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.02 | CVE-2018-20979
8 | Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.07 | CVE-2023-5828
9 | NextGen Mirth Connect privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10755 | 0.01 | CVE-2023-37679
10 | Farmakom Online Remote Administration Console sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2023-3717
11 | Nextcloud Server Group Folder privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.04 | CVE-2023-39952
12 | Metabase database privilege escalation | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00347 | 0.02 | CVE-2023-37470
13 | Adobe Commerce/Magento Open Source cross site scripting | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.04 | CVE-2022-35698
14 | Adobe Commerce privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2023-38209
15 | FRRouting BGP OPEN Message information disclosure | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00059 | 0.04 | CVE-2022-40302
16 | onekeyadmin plugins denial of service | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2023-26957
17 | Comingchina U-Mail Webmail server privilege escalation | 8.8 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04581 | 0.00 | CVE-2008-4932
18 | Apache Kafka Connect Worker privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.96927 | 0.02 | CVE-2023-25194
19 | Altenergy Power Control Software set_timezone privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.87615 | 0.04 | CVE-2023-28343
20 | Asus RT-AC56U buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.07 | CVE-2022-25596

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
---|------------|----------|-------|----------|------------|------|-----------
1 | 45.32.101.191 | 45.32.101.191.vultrusercontent.com | Bronze Starlight | HUI Loader | 2022-06-28 | verified | High
2 | XX.XX.XXX.XX | - | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 2022-06-28 | verified | High
3 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 2022-06-28 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | /api/database | predictive | High
2 | File | /bl-plugins/backup/plugin.php | predictive | High
3 | File | /home/www/cgi-bin/diagnostics.cgi | predictive | High
4 | File | xxx/xxxxxx_xxxx_xxxxxx.xxx | predictive | High
5 | File | xxxxxxx.xx | predictive | Medium
6 | File | xxxxxxxx_xxxxxxx.xxx | predictive | High
7 | File | xxxx-xxxxx.xxx | predictive | High
8 | File | xxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx | predictive | High
10 | File | xxxxx.xxxx | predictive | Medium
11 | File | xxxxxxx/xxxx_xxx.xxx | predictive | High
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxx.xx | predictive | Low
14 | File | \xxxxx\xxxxxxxxxx\xxxxxxx | predictive | High
15 | File | _xxxxxxxx/xxxx?xxxx | predictive | High
16 | Argument | xxxxxxxxxx_xxxx | predictive | High
17 | Argument | xx_xxxxx | predictive | Medium
18 | Argument | xxx | predictive | Low
19 | Argument | xxxxxxx | predictive | Low
20 | Argument | xxxxxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxx | predictive | Medium
22 | Input Value | xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) -- | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
