Bronze Union Analysis

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 18
en: 12

Country

cn: 30

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Cisco ASA: 2
Synacor Zimbra Collaboration Suite: 2
Moment.js: 2
phpMyAdmin: 2
UJCMS Jspxcms: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | glorylion JFinalOA SysOrg.java sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.00 | CVE-2023-0758 |
| 2 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.21 | CVE-2022-24785 |
| 3 | UJCMS Jspxcms ?new unrestricted upload | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00260 | 0.00 | CVE-2022-23329 |
| 4 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00207 | 0.00 | CVE-2023-24897 |
| 5 | Microsoft .NET/.NET Framework/Visual Studio Remote Code Execution | 8.1 | 7.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00125 | 0.00 | CVE-2023-24895 |
| 6 | Microsoft .NET Framework information disclosure | 5.0 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00061 | 0.02 | CVE-2022-41064 |
| 7 | MyBatis Plus sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2023-25330 |
| 8 | SourceCodester Apartment Visitor Management System action-visitor.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00142 | 0.08 | CVE-2022-2772 |
| 9 | Amcrest IP2M-841B HTTP Endpoint videotalk improper authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10144 | 0.03 | CVE-2019-3948 |
| 10 | IBM Cognos Business Intelligence cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00178 | 0.00 | CVE-2012-4835 |
| 11 | Synacor Zimbra Collaboration Suite amavisd public unrestricted upload | 7.6 | 7.6 | $0-$5k | $0-$5k | High | Not Defined | 0.95669 | 0.00 | CVE-2022-41352 |
| 12 | Moxiecode TinyMCE Compressor PHP tiny_mce_gzip.php path traversal | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00639 | 0.00 | CVE-2005-4600 |
| 13 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2021-29099 |
| 14 | Synology DiskStation Manager WebAPI path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2021-29087 |
| 15 | crelly-slider Plugin File Upload wp_ajax_crellyslider_importSlider unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.02 | CVE-2019-15866 |
| 16 | hymeleaf-spring5 Template injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04928 | 0.03 | CVE-2021-43466 |
| 17 | Hitachi Energy RTU500 Bidirectional Communication Interface denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.00 | CVE-2021-35533 |
| 18 | Tiny Tiny RSS OTP Code improper authentication | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2021-28373 |
| 19 | Tiny Tiny RSS cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2017-1000035 |
| 20 | phpMyAdmin cross site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00432 | 0.00 | CVE-2008-2960 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bronze Union

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-19 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 3 | File | /videotalk | predictive | Medium |
| 4 | File | xxxxxx-xxxxxxx.xxx | predictive | High |
| 5 | File | xxxx_xxxx.x | predictive | Medium |
| 6 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 7 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxx/xxxxxx/xxxxx/xxxxxx.xxxx | predictive | High |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxx_xxx_xxxx.xxx | predictive | High |
| 10 | Argument | xxxxxx/xxxxxx | predictive | High |
| 11 | Argument | xx | predictive | Low |
| 12 | Argument | xxxx | predictive | Low |
| 13 | Argument | xxxxxxxx | predictive | Medium |
| 14 | Argument | xxx | predictive | Low |
| 15 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 16 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
