Bronze Union Analysis

IOB - Indicator of Behavior (29)

Language

en: 16
zh: 14

Country

cn: 26
us: 4

Product

Tiny Tiny RSS: 4
Cisco ASA: 2
SonicWALL Email Security Appliance: 2
phpMyAdmin: 2
Synacor Zimbra Collaboration Suite: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | glorylion JFinalOA SysOrg.java sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00148 | CVE-2023-0758
2 | UJCMS Jspxcms ?new privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00260 | CVE-2022-23329
3 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00207 | CVE-2023-24897
4 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00125 | CVE-2023-24895
5 | Microsoft .NET Framework information disclosure | 5.0 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00050 | CVE-2022-41064
6 | MyBatis Plus sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2023-25330
7 | SourceCodester Apartment Visitor Management System action-visitor.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00142 | CVE-2022-2772
8 | Amcrest IP2M-841B HTTP Endpoint videotalk weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.10144 | CVE-2019-3948
9 | IBM Cognos Business Intelligence cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00178 | CVE-2012-4835
10 | Synacor Zimbra Collaboration Suite amavisd public privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.95689 | CVE-2022-41352
11 | Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php directory traversal | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00639 | CVE-2005-4600
12 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00073 | CVE-2021-29099
13 | Synology DiskStation Manager WebAPI directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00109 | CVE-2021-29087
14 | crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00090 | CVE-2019-15866
15 | thymeleaf-spring5 Template privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.04766 | CVE-2021-43466
16 | Hitachi Energy RTU500 Bidirectional Communication Interface denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00090 | CVE-2021-35533
17 | Tiny Tiny RSS OTP Code weak authentication | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2021-28373
18 | Tiny Tiny RSS cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2017-1000035
19 | phpMyAdmin cross site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.00432 | CVE-2008-2960
20 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97456 | CVE-2019-9082

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bronze Union

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /getcfg.php | predictive | Medium
2 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
3 | File | /videotalk | predictive | Medium
4 | File | xxxxxx-xxxxxxx.xxx | predictive | High
5 | File | xxxx_xxxx.x | predictive | Medium
6 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
7 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxx/xxxxxx/xxxxx/xxxxxx.xxxx | predictive | High
8 | File | xxxxxx.xxx | predictive | Medium
9 | File | xxxx_xxx_xxxx.xxx | predictive | High
10 | Argument | xxxxxx/xxxxxx | predictive | High
11 | Argument | xx | predictive | Low
12 | Argument | xxxx | predictive | Low
13 | Argument | xxxxxxxx | predictive | Medium
14 | Argument | xxx | predictive | Low
15 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
16 | Network Port | xxx xxxxxx xxxx | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
