Bookworm Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Curso de tempo

Idioma

en14
zh6

País

us10
cn8
kr2

Actores

Bookworm2
Cobalt Strike1

Actividades

Interesse

Curso de tempo

Tipo

Forum Software4
Not Defined4
Virtualization Software4
File Transfer Software2
Firewall Software2

Fabricante

Not Defined6
VMware4
FileZilla2
Shenzhen Yunni Technology2
Oracle2

Produto

VMware Fusion4
jforum2
FileZilla Filezilla Server2
Shenzhen Yunni Technology iLnkP2P2
Oracle Audit Vault and Database Firewall2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1Microsoft Windows Kerberos Fraca autenticação8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000480.04CVE-2024-20674
2Google Chrome ANGLE Excesso de tampão7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001570.06CVE-2024-0223
3Oracle Agile Product Lifecycle Management for Process Installation Remote Code Execution7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000460.02CVE-2024-20956
4Oracle Audit Vault and Database Firewall vulnerabilidade desconhecida7.57.2$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000480.02CVE-2024-20909
5JForum Login direitos alargados6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001510.06CVE-2012-5338
6strapi Admin Console Negação de Serviço3.83.8$0-$5k$0-$5kNot DefinedNot Defined0.000790.00CVE-2020-8123
7strapi Password Reset Auth.js direitos alargados9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.892980.02CVE-2019-18818
8FiberHome HG2201T telnet.cgi direitos alargados8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.006090.00CVE-2019-17186
9jforum User direitos alargados5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
10Shenzhen Yunni Technology iLnkP2P Authentication Fraca autenticação7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.006690.04CVE-2019-11220
11FileZilla Filezilla Server File Upload Negação de Serviço5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001590.00CVE-2005-0851
12PHPMyWind index.php Stored Roteiro Cruzado de Sítios5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.04CVE-2019-7660
13Apple macOS Kernel Divulgação de Informação3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2017-13852
14VMware ESXi/Workstation Pro/Player/Fusion Pro/Fusion Divulgação de Informação5.75.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000620.01CVE-2017-4905
15VMware Workstation/Fusion Drag/Drop Excesso de tampão9.68.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004000.00CVE-2017-4901
16Adobe Flash Player Excesso de tampão8.07.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.013990.00CVE-2017-3099
17Adobe Flash Player direitos alargados7.56.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.277500.00CVE-2017-3106
18Fabrice Bellard QEMU cirrus_vga.c Excesso de tampão5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.001000.00CVE-2014-8106
19Magnifica Webscripts Anima Gallery func.php Directório Traversal7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.003830.06CVE-2015-4415

Campanhas (1)

These are the campaigns that can be associated with the actor:

  • Thailand

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
143.248.8.249BookwormThailand02/09/2021verifiedAlto
2103.226.127.47BookwormThailand02/09/2021verifiedAlto
3104.156.239.105104.156.239.105.vultr.comBookwormThailand02/09/2021verifiedMédio
4XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
5XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
6XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
7XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
8XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
9XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
10XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto
11XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx02/09/2021verifiedAlto

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadesTipo de acessoTipoAceitação
1T1006CWE-22Path TraversalpredictiveAlto
2TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
3TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/install/index.phppredictiveAlto
2File/var/WEB-GUI/cgi-bin/telnet.cgipredictiveAlto
3Filexxxxxx_xxx.xpredictiveMédio
4Filexxxx.xxxpredictiveMédio
5Filexxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xxpredictiveAlto
6Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveAlto
7ArgumentxxxxxxxxxxpredictiveMédio
8Argumentxxxxx/xxxxpredictiveMédio
9ArgumentxxxxxxxxpredictiveMédio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!