Bronze Starlight Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (72)

Lang

en	48
zh	10
de	4
ru	4
ja	2

Land

us	46
cn	18
ir	4
ru	2
es	2

Skådespelare

Bronze Starlight	3
Cobalt Strike	2
APT29	1
Tofsee	1
UAC-0010	1

Intressera

Typ

Not Defined	32
Firewall Software	8
Operating System	2
Programming Language Software	2
Router Operating System	2

Säljare

Not Defined	18
Apache	6
Microsoft	4
Adobe	4
Oracle	4

Produkt

Adobe Commerce	4
Apache Kafka	4
Fortinet FortiOS	4
Microsoft Windows	2
MailGates	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	AWStats Config awstats.pl Privilege Escalation	5.0	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
2	Joomla CMS sql injektion	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00196	0.04	CVE-2019-19846
3	Fortinet FortiOS/FortiProxy Administrative Interface svag autentisering	9.8	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97169	0.00	CVE-2022-40684
4	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
5	Palo Alto PAN-OS GlobalProtect Gateway privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00238	0.02	CVE-2020-2050
6	OpenClinic test_new.php privilegier eskalering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.00	CVE-2020-28939
7	contact-form-7 Plugin register_post_type privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.02	CVE-2018-20979
8	Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injektion	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.10	CVE-2023-5828
9	NextGen Mirth Connect privilegier eskalering	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.10401	0.01	CVE-2023-37679
10	Farmakom Online Remote Administration Console sql injektion	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2023-3717
11	Nextcloud Server Group Folder privilegier eskalering	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.04	CVE-2023-39952
12	Metabase database privilegier eskalering	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00347	0.02	CVE-2023-37470
13	Adobe Commerce/Magento Open Source cross site scripting	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.04	CVE-2022-35698
14	Adobe Commerce privilegier eskalering	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00051	0.00	CVE-2023-38209
15	FRRouting BGP OPEN Message informationsgivning	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00059	0.04	CVE-2022-40302
16	onekeyadmin plugins förnekande av tjänsten	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2023-26957
17	Comingchina U-Mail Webmail server privilegier eskalering	8.8	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.04581	0.00	CVE-2008-4932
18	Apache Kafka Connect Worker privilegier eskalering	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.96927	0.02	CVE-2023-25194
19	Altenergy Power Control Software set_timezone privilegier eskalering	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.87615	0.04	CVE-2023-28343
20	Asus RT-AC56U minneskorruption	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.07	CVE-2022-25596

Kampanjer (1)

These are the campaigns that can be associated with the actor:

HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	45.32.101.191	45.32.101.191.vultrusercontent.com	Bronze Starlight	HUI Loader	28/06/2022	verified	Hög
2	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	28/06/2022	verified	Hög
3	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxx	Xxx Xxxxxx	28/06/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-121, CWE-125, CWE-134, CWE-170, CWE-266, CWE-285, CWE-287, CWE-288, CWE-303, CWE-352, CWE-377, CWE-404, CWE-502, CWE-787, CWE-862, CWE-863	Unknown Vulnerability	predictive	Hög
2	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
3	T1059.007	CAPEC-10	CWE-74, CWE-79, CWE-80, CWE-707	Cross Site Scripting	predictive	Hög
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-16	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
11	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/api/database	predictive	Hög
2	File	/bl-plugins/backup/plugin.php	predictive	Hög
3	File	/home/www/cgi-bin/diagnostics.cgi	predictive	Hög
4	File	xxx/xxxxxx_xxxx_xxxxxx.xxx	predictive	Hög
5	File	xxxxxxx.xx	predictive	Medium
6	File	xxxxxxxx_xxxxxxx.xxx	predictive	Hög
7	File	xxxx-xxxxx.xxx	predictive	Hög
8	File	xxxxxxxxxxxx.xxx	predictive	Hög
9	File	xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx	predictive	Hög
10	File	xxxxx.xxxx	predictive	Medium
11	File	xxxxxxx/xxxx_xxx.xxx	predictive	Hög
12	File	xxxx.xxx	predictive	Medium
13	File	xxxx.xx	predictive	Låg
14	File	\xxxxx\xxxxxxxxxx\xxxxxxx	predictive	Hög
15	File	_xxxxxxxx/xxxx?xxxx	predictive	Hög
16	Argument	xxxxxxxxxx_xxxx	predictive	Hög
17	Argument	xx_xxxxx	predictive	Medium
18	Argument	xxx	predictive	Låg
19	Argument	xxxxxxx	predictive	Låg
20	Argument	xxxxxxxxxxx	predictive	Medium
21	Argument	xxxxxxxx	predictive	Medium
22	Input Value	xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!