Bronze Starlight Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (72)

Язык

en	48
zh	14
ru	4
fr	2
es	2

Страна

us	36
cn	26
de	2
vn	2
es	2

Акторы

Bronze Starlight	3
Cobalt Strike	2
APT29	1
Mustang Panda	1
Shuckworm	1

Интерес

Тип

Not Defined	42
Mail Server Software	2
Forum Software	2
Firewall Software	2
Cloud Software	2

Поставщик

Not Defined	24
Apache	4
Oracle	4
Adobe	4
Comingchina	2

Продукт

Adobe Commerce	4
Comingchina U-Mail Webmail server	2
json-schema	2
SourceCodester Web-Based Student Clearance System	2
Eclipse Jetty	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	AWStats Config awstats.pl Privilege Escalation	5.0	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
2	Joomla CMS sql-инъекция	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00196	0.00	CVE-2019-19846
3	Fortinet FortiOS/FortiProxy Administrative Interface слабая аутентификация	9.8	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97169	0.00	CVE-2022-40684
4	PHP phpinfo межсайтовый скриптинг	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
5	Palo Alto PAN-OS GlobalProtect Gateway эскалация привилегий	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00238	0.02	CVE-2020-2050
6	OpenClinic test_new.php эскалация привилегий	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.00	CVE-2020-28939
7	contact-form-7 Plugin register_post_type эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.02	CVE-2018-20979
8	Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql-инъекция	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.05	CVE-2023-5828
9	NextGen Mirth Connect эскалация привилегий	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.10755	0.01	CVE-2023-37679
10	Farmakom Online Remote Administration Console sql-инъекция	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2023-3717
11	Nextcloud Server Group Folder эскалация привилегий	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.04	CVE-2023-39952
12	Metabase database эскалация привилегий	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00245	0.02	CVE-2023-37470
13	Adobe Commerce/Magento Open Source межсайтовый скриптинг	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.04	CVE-2022-35698
14	Adobe Commerce эскалация привилегий	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00051	0.00	CVE-2023-38209
15	FRRouting BGP OPEN Message раскрытие информации	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00059	0.04	CVE-2022-40302
16	onekeyadmin plugins отказ в обслуживании	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2023-26957
17	Comingchina U-Mail Webmail server эскалация привилегий	8.8	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.04581	0.00	CVE-2008-4932
18	Apache Kafka Connect Worker эскалация привилегий	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.96927	0.02	CVE-2023-25194
19	Altenergy Power Control Software set_timezone эскалация привилегий	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.89091	0.04	CVE-2023-28343
20	Asus RT-AC56U повреждение памяти	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.07	CVE-2022-25596

Кампании (1)

These are the campaigns that can be associated with the actor:

HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	45.32.101.191	45.32.101.191.vultrusercontent.com	Bronze Starlight	HUI Loader	28.06.2022	verified	Высокий
2	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	28.06.2022	verified	Высокий
3	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	28.06.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1059	CWE-94	Argument Injection	predictive	Высокий
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/api/database	predictive	Высокий
2	File	/bl-plugins/backup/plugin.php	predictive	Высокий
3	File	/home/www/cgi-bin/diagnostics.cgi	predictive	Высокий
4	File	xxx/xxxxxx_xxxx_xxxxxx.xxx	predictive	Высокий
5	File	xxxxxxx.xx	predictive	Средний
6	File	xxxxxxxx_xxxxxxx.xxx	predictive	Высокий
7	File	xxxx-xxxxx.xxx	predictive	Высокий
8	File	xxxxxxxxxxxx.xxx	predictive	Высокий
9	File	xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx	predictive	Высокий
10	File	xxxxx.xxxx	predictive	Средний
11	File	xxxxxxx/xxxx_xxx.xxx	predictive	Высокий
12	File	xxxx.xxx	predictive	Средний
13	File	xxxx.xx	predictive	Низкий
14	File	\xxxxx\xxxxxxxxxx\xxxxxxx	predictive	Высокий
15	File	_xxxxxxxx/xxxx?xxxx	predictive	Высокий
16	Argument	xxxxxxxxxx_xxxx	predictive	Высокий
17	Argument	xx_xxxxx	predictive	Средний
18	Argument	xxx	predictive	Низкий
19	Argument	xxxxxxx	predictive	Низкий
20	Argument	xxxxxxxxxxx	predictive	Средний
21	Argument	xxxxxxxx	predictive	Средний
22	Input Value	xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --	predictive	Высокий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!