Bookworm 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

时间轴

语言

en18
zh2

国家/地区

cn12
us8

演员

Bookworm2
Cobalt Strike1

活动

利益

时间轴

类型

Not Defined6
Forum Software4
Virtualization Software2
Operating System2
Firewall Software2

供应商

Not Defined8
Oracle4
Fabrice Bellard2
Microsoft2
FileZilla2

产品

strapi4
Oracle Agile Product Lifecycle Management for Proc ...2
JForum2
Fabrice Bellard QEMU2
Microsoft Windows2

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1Microsoft Windows Kerberos 弱身份验证8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000480.02CVE-2024-20674
2Google Chrome ANGLE 内存损坏7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001570.06CVE-2024-0223
3Oracle Agile Product Lifecycle Management for Process Installation Remote Code Execution7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000460.02CVE-2024-20956
4Oracle Audit Vault and Database Firewall 未知漏洞7.57.2$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000480.02CVE-2024-20909
5JForum Login 权限升级6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001510.06CVE-2012-5338
6strapi Admin Console 拒绝服务3.83.8$0-$5k$0-$5kNot DefinedNot Defined0.000790.00CVE-2020-8123
7strapi Password Reset Auth.js 权限升级9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.892980.02CVE-2019-18818
8FiberHome HG2201T telnet.cgi 权限升级8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.006090.00CVE-2019-17186
9jforum User 权限升级5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.06CVE-2019-7550
10Shenzhen Yunni Technology iLnkP2P Authentication 弱身份验证7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.006690.04CVE-2019-11220
11FileZilla Filezilla Server File Upload 拒绝服务5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001590.00CVE-2005-0851
12PHPMyWind index.php Stored 跨网站脚本5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.04CVE-2019-7660
13Apple macOS Kernel 信息公开3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2017-13852
14VMware ESXi/Workstation Pro/Player/Fusion Pro/Fusion 信息公开5.75.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000620.01CVE-2017-4905
15VMware Workstation/Fusion Drag/Drop 内存损坏9.68.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004000.00CVE-2017-4901
16Adobe Flash Player 内存损坏8.07.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.013990.00CVE-2017-3099
17Adobe Flash Player 权限升级7.56.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.277500.00CVE-2017-3106
18Fabrice Bellard QEMU cirrus_vga.c 内存损坏5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.001000.00CVE-2014-8106
19Magnifica Webscripts Anima Gallery func.php 目录遍历7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.003830.06CVE-2015-4415

活动 (1)

These are the campaigns that can be associated with the actor:

  • Thailand

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
143.248.8.249BookwormThailand2021-09-02verified
2103.226.127.47BookwormThailand2021-09-02verified
3104.156.239.105104.156.239.105.vultr.comBookwormThailand2021-09-02verified
4XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx2021-09-02verified
5XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx2021-09-02verified
6XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx2021-09-02verified
7XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx2021-09-02verified
8XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx2021-09-02verified
9XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx2021-09-02verified
10XXX.XXX.XXX.XXXXxxxxxxxXxxxxxxx2021-09-02verified
11XXX.XXX.XXX.XXXxxxxxxxXxxxxxxx2021-09-02verified

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2TXXXX.XXXCWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
3TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
4TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/install/index.phppredictive
2File/var/WEB-GUI/cgi-bin/telnet.cgipredictive
3Filexxxxxx_xxx.xpredictive
4Filexxxx.xxxpredictive
5Filexxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xxpredictive
6Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictive
7Argumentxxxxxxxxxxpredictive
8Argumentxxxxx/xxxxpredictive
9Argumentxxxxxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!