Bookworm Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Язык

en	16
zh	4

Страна

cn	10
us	8
kr	2

Акторы

Bookworm	2
Cobalt Strike	1

Интерес

Тип

Not Defined	10
Virtualization Software	2
Photo Gallery Software	2
Multimedia Player Software	2
Forum Software	2

Поставщик

Not Defined	6
Oracle	4
Shenzhen Yunni Technology	2
VMware	2
Magnifica	2

Продукт

strapi	4
Shenzhen Yunni Technology iLnkP2P	2
VMware Workstation	2
VMware Fusion	2
Magnifica Webscripts Anima Gallery	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Microsoft Windows Kerberos слабая аутентификация	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.03	CVE-2024-20674
2	Google Chrome ANGLE повреждение памяти	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00157	0.06	CVE-2024-0223
3	Oracle Agile Product Lifecycle Management for Process Installation Remote Code Execution	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00046	0.02	CVE-2024-20956
4	Oracle Audit Vault and Database Firewall неизвестная уязвимость	7.5	7.2	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00048	0.02	CVE-2024-20909
5	JForum Login эскалация привилегий	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.06	CVE-2012-5338
6	strapi Admin Console отказ в обслуживании	3.8	3.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00079	0.00	CVE-2020-8123
7	strapi Password Reset Auth.js эскалация привилегий	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.89298	0.02	CVE-2019-18818
8	FiberHome HG2201T telnet.cgi эскалация привилегий	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00609	0.00	CVE-2019-17186
9	jforum User эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
10	Shenzhen Yunni Technology iLnkP2P Authentication слабая аутентификация	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00669	0.04	CVE-2019-11220
11	FileZilla Filezilla Server File Upload отказ в обслуживании	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00159	0.00	CVE-2005-0851
12	PHPMyWind index.php Stored межсайтовый скриптинг	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.04	CVE-2019-7660
13	Apple macOS Kernel раскрытие информации	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2017-13852
14	VMware ESXi/Workstation Pro/Player/Fusion Pro/Fusion раскрытие информации	5.7	5.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00062	0.01	CVE-2017-4905
15	VMware Workstation/Fusion Drag/Drop повреждение памяти	9.6	8.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00400	0.00	CVE-2017-4901
16	Adobe Flash Player повреждение памяти	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01399	0.00	CVE-2017-3099
17	Adobe Flash Player эскалация привилегий	7.5	6.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.27750	0.00	CVE-2017-3106
18	Fabrice Bellard QEMU cirrus_vga.c повреждение памяти	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00100	0.00	CVE-2014-8106
19	Magnifica Webscripts Anima Gallery func.php обход каталога	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00383	0.06	CVE-2015-4415

Кампании (1)

These are the campaigns that can be associated with the actor:

Thailand

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	43.248.8.249		Bookworm	Thailand	02.09.2021	verified	Высокий
2	103.226.127.47		Bookworm	Thailand	02.09.2021	verified	Высокий
3	104.156.239.105	104.156.239.105.vultr.com	Bookworm	Thailand	02.09.2021	verified	Средний
4	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
5	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
6	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
7	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
8	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
9	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
10	XXX.XXX.XXX.XXX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий
11	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxxxx	02.09.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
3	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/install/index.php	predictive	Высокий
2	File	/var/WEB-GUI/cgi-bin/telnet.cgi	predictive	Высокий
3	File	xxxxxx_xxx.x	predictive	Средний
4	File	xxxx.xxx	predictive	Средний
5	File	xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx	predictive	Высокий
6	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Высокий
7	Argument	xxxxxxxxxx	predictive	Средний
8	Argument	xxxxx/xxxx	predictive	Средний
9	Argument	xxxxxxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!