Bronze Starlight 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (72)

言語

en	52
zh	10
fr	4
es	2
de	2

国・地域

us	40
cn	24
ru	4
es	2
vn	2

アクター

Bronze Starlight	3
Cobalt Strike	2
Tofsee	1
UAC-0010	1
Fodcha	1

関心

タイプ

Not Defined	28
Programming Language Software	6
Firewall Software	6
Content Management System	2
Software Library	2

ベンダー

Not Defined	24
Fortinet	6
Oracle	4
Seafile	2
Joomla	2

製品

PHP	6
Fortinet FortiOS	4
json-schema	2
CKEditor	2
Seafile Server	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	AWStats Config awstats.pl Privilege Escalation	5.0	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.04
2	Joomla CMS SQLインジェクション	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00196	0.04	CVE-2019-19846
3	Fortinet FortiOS/FortiProxy Administrative Interface 弱い認証	9.8	9.7	$25k-$100k	$5k-$25k	High	Official Fix	0.97164	0.05	CVE-2022-40684
4	PHP phpinfo クロスサイトスクリプティング	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01960	0.05	CVE-2007-1287
5	Palo Alto PAN-OS GlobalProtect Gateway 特権昇格	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00238	0.02	CVE-2020-2050
6	OpenClinic test_new.php 特権昇格	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.00	CVE-2020-28939
7	contact-form-7 Plugin register_post_type 特権昇格	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.02	CVE-2018-20979
8	Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx SQLインジェクション	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.04	CVE-2023-5828
9	NextGen Mirth Connect 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.11739	0.04	CVE-2023-37679
10	Farmakom Online Remote Administration Console SQLインジェクション	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2023-3717
11	Nextcloud Server Group Folder 特権昇格	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.00	CVE-2023-39952
12	Metabase database 特権昇格	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00245	0.02	CVE-2023-37470
13	Adobe Commerce/Magento Open Source クロスサイトスクリプティング	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.07	CVE-2022-35698
14	Adobe Commerce 特権昇格	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00051	0.00	CVE-2023-38209
15	FRRouting BGP OPEN Message 情報の漏洩	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00059	0.04	CVE-2022-40302
16	onekeyadmin plugins サービス拒否	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2023-26957
17	Comingchina U-Mail Webmail server 特権昇格	8.8	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.04581	0.00	CVE-2008-4932
18	Apache Kafka Connect Worker 特権昇格	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.96919	0.04	CVE-2023-25194
19	Altenergy Power Control Software set_timezone 特権昇格	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.66820	0.04	CVE-2023-28343
20	Asus RT-AC56U メモリ破損	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.04	CVE-2022-25596

キャンペーン (1)

These are the campaigns that can be associated with the actor:

HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	45.32.101.191	45.32.101.191.vultrusercontent.com	Bronze Starlight	HUI Loader	2022年06月28日	verified	高
2	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	2022年06月28日	verified	高
3	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	2022年06月28日	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/api/database	predictive	高
2	File	/bl-plugins/backup/plugin.php	predictive	高
3	File	/home/www/cgi-bin/diagnostics.cgi	predictive	高
4	File	xxx/xxxxxx_xxxx_xxxxxx.xxx	predictive	高
5	File	xxxxxxx.xx	predictive	中
6	File	xxxxxxxx_xxxxxxx.xxx	predictive	高
7	File	xxxx-xxxxx.xxx	predictive	高
8	File	xxxxxxxxxxxx.xxx	predictive	高
9	File	xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx	predictive	高
10	File	xxxxx.xxxx	predictive	中
11	File	xxxxxxx/xxxx_xxx.xxx	predictive	高
12	File	xxxx.xxx	predictive	中
13	File	xxxx.xx	predictive	低
14	File	\xxxxx\xxxxxxxxxx\xxxxxxx	predictive	高
15	File	_xxxxxxxx/xxxx?xxxx	predictive	高
16	Argument	xxxxxxxxxx_xxxx	predictive	高
17	Argument	xx_xxxxx	predictive	中
18	Argument	xxx	predictive	低
19	Argument	xxxxxxx	predictive	低
20	Argument	xxxxxxxxxxx	predictive	中
21	Argument	xxxxxxxx	predictive	中
22	Input Value	xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!