Bronze Butler 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

タイムライン

言語

en16
de4

国・地域

cn8
us8
jp2
kr2

アクター

Daserf1
Winnti1

アクティビティ

関心

タイムライン

タイプ

Not Defined4
Content Management System4
Web Browser2
Software Management Software2
Programming Language Software2

ベンダー

Not Defined10
Microsoft2
Shenzhen Yunni Technology2
IBM2
Apple2

製品

WordPress4
Coremail2
Microsoft Internet Explorer2
Webmin2
Shenzhen Yunni Technology iLnkP2P2

脆弱性

#脆弱性BaseTemp0day本日修復CTIEPSSCVE
1Coremail Document Attachment クロスサイトスクリプティング5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00120CVE-2015-6942
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
3Webmin クロスサイトスクリプティング5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00118CVE-2017-2106
4Webmin Login Form miniserv.pl サービス拒否7.36.6$0-$5k計算中Proof-of-ConceptOfficial Fix0.000.03978CVE-2005-3912
5ExpressVPN Service Port 2015 Xvpnd.exe XVPN.SetPreference ディレクトリトラバーサル6.26.0$0-$5k計算中Not DefinedWorkaround0.000.00044CVE-2018-15490
6Shenzhen Yunni Technology iLnkP2P UID Generator Random 弱い暗号化7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.020.00176CVE-2019-11219
7Shenzhen Yunni Technology iLnkP2P Authentication 弱い認証7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.040.00669CVE-2019-11220
8Hisilicon HI3510 Web Management Portal Credentials 特権昇格6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00104CVE-2019-10710
9Hisilicon HI3510 RTSP Stream/Web Portal 特権昇格6.46.3$0-$5k$0-$5kNot DefinedWorkaround0.000.00168CVE-2019-10711
10WordPress URL Validator Redirect6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00509CVE-2018-10101
11WordPress Password Reset wp-login.php mail 特権昇格6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.160.02827CVE-2017-8295
12WordPress Admin Shell 特権昇格7.36.6$25k-$100k$0-$5kFunctionalWorkaround0.030.00000
13My Link Trader out.php SQLインジェクション6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00000
14Apple macOS AppleSMC サービス拒否7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00045CVE-2016-4678
15Node.js ServerResponse#writeHead Split 特権昇格6.15.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00437CVE-2016-5325
16Microsoft Internet Explorer Garbage Collection jscript9.dll ProcessMark 情報の漏洩5.34.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.00000
17IBM Java Virtual Machine 情報の漏洩5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00786CVE-2015-1914

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
127.255.69.209Bronze Butler2020年12月16日verified
227.255.91.238Bronze Butler2020年12月16日verified
3XXX.XXX.X.XXXxxxxx Xxxxxx2020年12月16日verified
4XXX.XXX.XXX.XXXXxxxxx Xxxxxx2020年12月16日verified
5XXX.XX.XXX.XXXxxx-xxx-xxxxx.xx.xxxxxx.xx.xxXxxxxx Xxxxxx2020年12月16日verified
6XXX.XXX.XXX.XXXxxxxx Xxxxxx2020年12月16日verified

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique脆弱性アクセスベクタータイプ信頼度
1T1006CWE-22Path Traversalpredictive
2T1059.007CWE-79Cross Site Scriptingpredictive
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
4TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictive
5TXXXXCWE-XXXXxxxxxxxxx Xxxxxxpredictive
6TXXXXCWE-XXXxx Xxxxxxxxxpredictive
7TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
9TXXXXCWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/out.phppredictive
2Filedata/gbconfiguration.datpredictive
3Filexxxxxxxx.xxpredictive
4Filexx-xxxxx.xxxpredictive
5Filexxxxx.xxxpredictive
6Libraryxxxxxxxx.xxxpredictive
7Argumentxxxxpredictive
8Argumentxxpredictive
9Argumentxxxxxxpredictive
10Argumentxxxxxxxxpredictive
11Network Portxxx/xxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!