Bronze Starlight Analysis

IOB - Indicator of Behavior (72)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 50
  • zh: 16
  • ru: 2
  • fr: 2
  • de: 2

Country

  • us: 46
  • cn: 18
  • de: 2
  • ru: 2
  • ir: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Fortinet FortiOS: 4
  • Apache Kafka: 4
  • Microsoft Windows: 4
  • Fortinet FortiWeb: 2
  • Joomla CMS: 2

Vulnerabilities

| #  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|----|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1  | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 2  | Joomla CMS sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.04 | CVE-2019-19846 |
| 3  | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97164 | 0.05 | CVE-2022-40684 |
| 4  | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287 |
| 5  | Palo Alto PAN-OS GlobalProtect Gateway improper authorization | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00238 | 0.02 | CVE-2020-2050 |
| 6  | OpenClinic test_new.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2020-28939 |
| 7  | contact-form-7 Plugin register_post_type access control | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.02 | CVE-2018-20979 |
| 8  | Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-5828 |
| 9  | NextGen Mirth Connect command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11739 | 0.04 | CVE-2023-37679 |
| 10 | Farmakom Online Remote Administration Console sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2023-3717 |
| 11 | Nextcloud Server Group Folder permission | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2023-39952 |
| 12 | Metabase database code injection | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00245 | 0.02 | CVE-2023-37470 |
| 13 | Adobe Commerce/Magento Open Source cross site scripting | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.07 | CVE-2022-35698 |
| 14 | Adobe Commerce authorization | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2023-38209 |
| 15 | FRRouting BGP OPEN Message out-of-bounds | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.04 | CVE-2022-40302 |
| 16 | onekeyadmin plugins denial of service | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2023-26957 |
| 17 | Comingchina U-Mail Webmail server input validation | 8.8 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04581 | 0.00 | CVE-2008-4932 |
| 18 | Apache Kafka Connect Worker deserialization | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.96919 | 0.04 | CVE-2023-25194 |
| 19 | Altenergy Power Control Software set_timezone os command injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66820 | 0.04 | CVE-2023-28343 |
| 20 | Asus RT-AC56U out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.04 | CVE-2022-25596 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • HUI Loader

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 45.32.101.191 | 45.32.101.191.vultrusercontent.com | Bronze Starlight | HUI Loader | 06/28/2022 | verified | High |
| 2 | XX.XX.XXX.XXX | | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 06/28/2022 | verified | High |
| 3 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx Xxxxxxxxx | Xxx Xxxxxx | 06/28/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1  | File | /api/database | predictive | High |
| 2  | File | /bl-plugins/backup/plugin.php | predictive | High |
| 3  | File | /home/www/cgi-bin/diagnostics.cgi | predictive | High |
| 4  | File | xxx/xxxxxx_xxxx_xxxxxx.xxx | predictive | High |
| 5  | File | xxxxxxx.xx | predictive | Medium |
| 6  | File | xxxxxxxx_xxxxxxx.xxx | predictive | High |
| 7  | File | xxxx-xxxxx.xxx | predictive | High |
| 8  | File | xxxxxxxxxxxx.xxx | predictive | High |
| 9  | File | xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx | predictive | High |
| 10 | File | xxxxx.xxxx | predictive | Medium |
| 11 | File | xxxxxxx/xxxx_xxx.xxx | predictive | High |
| 12 | File | xxxx.xxx | predictive | Medium |
| 13 | File | xxxx.xx | predictive | Low |
| 14 | File | \xxxxx\xxxxxxxxxx\xxxxxxx | predictive | High |
| 15 | File | _xxxxxxxx/xxxx?xxxx | predictive | High |
| 16 | Argument | xxxxxxxxxx_xxxx | predictive | High |
| 17 | Argument | xx_xxxxx | predictive | Medium |
| 18 | Argument | xxx | predictive | Low |
| 19 | Argument | xxxxxxx | predictive | Low |
| 20 | Argument | xxxxxxxxxxx | predictive | Medium |
| 21 | Argument | xxxxxxxx | predictive | Medium |
| 22 | Input Value | xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) -- | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
