ioc[.]one - OSINT Cyber Threat Intelligence Database

BRONZE BUTLER Hacker Group Targets Japanese Enterprises

Tags

country:	China Japan South Korea
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Golden Ticket - T1558.001 Ip Addresses - T1590.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Scheduled Task - T1053.005 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090 Powershell - T1086 Remote Access Tools - T1219 Scheduled Task - T1053 Screen Capture - T1113 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	ee0c3c78-b593-474a-b441-43843bbb7aa1
Fingerprint	e89455dd82639491
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 12, 2017, midnight
Added to db	April 15, 2023, 1:01 p.m.
Last updated	Nov. 16, 2024, 11:13 a.m.
Headline	BRONZE BUTLER Targets Japanese Enterprises
Title	BRONZE BUTLER Hacker Group Targets Japanese Enterprises
Detected Hints/Tags/Attributes	112/3/155

Source URLs

	Redirection	Url
Details	Source	https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses

URL Provider

Details	Provider	Source level domain
Details	secureworks.com	www.secureworks.com

Attributes

Details	Type	#Events	Value
Details	CVE	6	cve-2016-7836
Details	Domain	5	pudn.com
Details	Domain	1	airsteel.co.jp
Details	Domain	1	gigasolar.jp
Details	Domain	1	www.atnet-photo.com
Details	Domain	1	www.primeob.com
Details	Domain	1	baby.ests.jp
Details	Domain	1	www.kamomeza.net
Details	Domain	1	noukankyo.org
Details	Domain	1	jmta.co.jp
Details	Domain	1	i-frontierasia.com
Details	Domain	1	leadoffnet.com
Details	Domain	1	www.concierge.com.cn
Details	Domain	1	www.wco-kyousai.com
Details	Domain	1	angelbaby.jpn.cm
Details	Domain	1	www.infomiracle.info
Details	Domain	1	oan.jp
Details	Domain	1	s-city.net
Details	Domain	1	sha-sigma.com
Details	Domain	1	www.s-city.net
Details	Domain	1	www.stylmartin.co.jp
Details	Domain	1	www.slvcx.com
Details	Domain	1	www.sinwa-jp.com
Details	Domain	1	www.baiya.jp
Details	File	1	ctlcli.log
Details	File	1	do.cs
Details	File	2	do.exe
Details	File	1	zrun.bat
Details	File	1	06_cgi.php
Details	File	1	20131011news-3.php
Details	File	3	themes.php
Details	File	5	store.php
Details	File	1	thumb_dom.php
Details	File	1	soshikizu.php
Details	File	1	math.php
Details	File	13	link.php
Details	File	1	top_12.php
Details	File	8	comment.php
Details	File	49	info.php
Details	File	2	deletecomments.php
Details	File	384	www.inf
Details	File	1	omiracle.inf
Details	File	2	ser.dat
Details	File	1	cui.jpg
Details	File	1	ns.jpg
Details	File	1	logo_new.jpg
Details	File	1	logo_old.jpg
Details	File	1	pic1612.jpg
Details	File	1	aa.dat
Details	File	1	beach6.jpg
Details	File	1	ns12.jpg
Details	File	3	6.jpg
Details	File	3	t.rar
Details	File	1	logo-unix.php
Details	sha256	1	795327de450e7f1e371a019a3d43673b60df4b7bf91138afa9ddc3913384f913
Details	sha256	1	c043c28ea0d767055a8f8d4e94a9acdf62a81927b0ae63b8a9f16288f92cd093
Details	sha256	1	4d7ce20a8d5bc05b7d4b1e147174f486033805260db1edbbc2516fced7558bcc
Details	sha256	1	1ca3b1b259681bca70956139d25a559ccd0b0c04d4f45f08fb954e569aabf9ae
Details	sha256	1	08e49c1d476aefb4c590cf135229d6da7981c7425e547d4f2877d79c1a1ab601
Details	sha256	1	6a63cb7089480fa76b784ca7043e147332768bccc39b84249af11f05b0dde66f
Details	sha256	1	026f5c37f0d633ab27b83082dd0e818edbd80c27f86ba12b5cf32b425edb92d0
Details	sha256	1	21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd
Details	sha256	1	15abe7b1355cd35375de6dde57608f6d3481755fdc9e71d2bfc7c7288db4cd92
Details	sha256	1	2bdb88fa24cffba240b60416835189c76a9920b6c3f6e09c3c4b171c2f57031c
Details	sha256	1	85544d2bcaf8e6ca32bbc0a9e9583c9db1dce837043f555a7ff66363d5858439
Details	sha256	1	f8f31f73157bf049b318429c1d60ad7ff2851e62535d95cf8d121216b95c8602
Details	sha256	1	b1690facbce9bcc66ebf18f138dbbc10c3662a2034c211e0c414e47c7e208b4a
Details	sha256	1	e620c9d19d7d1f609e0bb08465e4c58db97fd0158fb286d938542fc1f03a2302
Details	sha256	1	2dc24622c1e91642a21a64c0dd31cbe953e8f77bd3d6abcf2c4676c3b11bb162
Details	sha256	1	a4afd9df1b4cc014c3a89d7b4a560fa3e368b02286c42841762714b23e68cc05
Details	sha256	1	dab557bae0eb93475c2c2639f186fd717dd57d8d6354232838f44ba6b6a07172
Details	sha256	1	db6a6a4f675cba87405c9c7b016713d3e65b052ffc6c8963764a3d3788f432fa
Details	sha256	1	4b8ca82e6f407792cfb51de881f06b86bd4b59f85746b29c3287aee0015b1683
Details	sha256	1	db8b494de8d897976288c8ccee707ff7b7967fb48caef99d75687584191c2411
Details	sha256	1	e2fd17445d81df89f7a9c1ff1c69c9b382215f597db5e4730f5c76557a6fd1f9
Details	sha256	1	0a031665d05e82038d620facf9d4a86a89e78544f2f770f579c980dae2e252bf
Details	sha256	1	fa9a3341649e798bbc340ce9b2fe69791fe733aa9e46da666ce13b8cf7ca8f4d
Details	sha256	1	f06b440052bd2c2eb127c33c35a80c4eca34a06360d3ee1bb37348d6029dc955
Details	sha256	1	2a39372dea901665ab9429d2f15b3f4fb10706423e177226539047ee1ac3e4a3
Details	sha256	1	4e15392553ca8e7d06f9f592eb04cf6dbfed18c98c56afc0ccd132465b270e12
Details	sha256	1	89a80ca92600af64eb9c32cab4e936c7d675cf815424d72438973e2d6788ef64
Details	sha256	1	b1bd03cd12638f44d9ace271f65645e7f9b707f86e9bcf790e0e5a96b755556b
Details	sha256	1	22e1965154bdb91dd281f0e86c8be96bf1f9a1e5fe93c60a1d30b79c0c0f0d43
Details	sha256	1	b1fdc6dc330e78a66757b77cc67a0e9931b777cd7af9f839911eecb74c04420a
Details	sha256	1	67e32df3a460f005e7aec83b903f6d47d5533ff3843a97d186ad02316dff9fa9
Details	sha256	1	2c449b562dfce53cf98acaddf37286cfb2d1e9da1536511a08bbd24ed93624a6
Details	sha256	1	236848e301d71cab6e17a0503fb268f25412838eccb5fb17e78580d2d0a3a31d
Details	sha256	1	b0966e89eae36a309d89a0c15c8a07677f58130fdc76bc98c16968376ec80626
Details	sha256	1	68e5013a8147e77e892dcd06687e5e815c3837fb83fbff16bac442c65b2f3e73
Details	sha256	1	e2f174f8368b46054e6ec2feec00b878b63e331ba3628374d584b238a95fd770
Details	sha256	1	7afb8082822bf3e55c6639ed2e272846c6be0e5c1fd40402b8b0f69e37402461
Details	sha256	1	630aa710bb7080143498d7fafbb152bbfe581bf690d9bfad041e4e285f152de2
Details	sha256	1	efa68fcbd455a72276062fb513b71547ea11fedf4db10a476cc6c9a2fa4f67f7
Details	sha256	1	90ac1fb148ded4f46949a5fea4cd8c65d4ea9585046d66459328a5866f8198b2
Details	sha256	1	331ac0965b50958db49b7794cc819b2945d7b5e5e919c185d83e997e205f107b
Details	sha256	1	12d9b4ec7f8ae42c67a6fd030efb027137dbe29e63f6f669eb932d0299fbe82f
Details	sha256	1	303b75a7c350d26116fe341d77105a33c8cb1da3dc82424c3eac401820e868dd
Details	sha256	1	340906b6b3a4149875dea37221843cb8b67c51eb4520b39956cb6761ef0a3c5d
Details	sha256	1	b3cc83978bbc4f5603e93ec8c687a7007a3f7dbfbae01bff0a30332b06ea44d9
Details	sha256	1	18e896a7547aacb33aa3941ab1b61659ed099c0f6fbb924068f81b4289b05f12
Details	sha256	2	4d208c86c8331b7f1f6dd53f83af9ee4ec700a74792b419f663a3ce105d15d1c
Details	sha256	1	28894a78bc00d6774d1242925787d35c5c2ae2563f5f7f1ff38dc0b441a15812
Details	sha256	1	747041d73b3eb29dde5c9e31efdd5e675f16f182c23999ed5613be0e9be12351
Details	sha256	1	15b4c1d29b41531b255e41d39d194a52bdc98a3b65a13771d8caf92372b324ce
Details	sha256	1	ac501bb7e9e1bc57dd027d152f4a7c473f108e37023aae4bad64117241963b5c
Details	sha256	1	7197de18bc5a4c854334ff979f3e4dafa16f43d7bf91edfe46f03e6cc88f7b73
Details	sha256	1	fe06b99a0287e2b2d9f7faffbda3a4b328ecc05eab56a3e730cfc99de803b192
Details	sha256	1	e94a7e835c657dd8a82dab5705db0ec279d1de97a3524f0e25e1e3d78f0561b8
Details	sha256	1	09df0591a885b8d16767820c9eac51a5dd8099a4b17a46bffe38b315a6e29d0b
Details	sha256	1	7333f4601379d5877ec1416e4d82654d312210d5bcf4d628b98207a737bdb654
Details	sha256	1	425616f2958ba176662eb9bd66259fb38ca513b5831f0a07956b22839d915306
Details	sha256	1	46eae3931334468246c728a7e0ab3bbfafe40c9f73f80bf0544b8aa649227d60
Details	sha256	1	de18ebedc5b29d66244773dda80b22ecf2c453cdbeaa85149c4ff0e96bdc4478
Details	sha256	1	70ef2e2fa3ac2c44a34963aca5dfe79e2b4f51795181374cca63bbf789f8a7f0
Details	sha256	1	b11941e0510e02283e7732a72f853027ea9271a2d4dc87d736ae33275eab2806
Details	sha256	1	bd81521445639aaa5e3bcb5ece94f73feda3a91880a34a01f92639f8640251d6
Details	sha256	1	0fc1b4fdf0dc5373f98de8817da9380479606f775f5aa0b9b0e1a78d4b49e5f4
Details	IPv4	1	115.144.166.240
Details	IPv4	1	203.111.252.40
Details	IPv4	1	27.255.69.209
Details	IPv4	1	27.255.91.238
Details	IPv4	1	106.184.5.30
Details	IPv4	1	160.16.243.147
Details	Url	1	http://115.144.166.240
Details	Url	1	http://203.111.252.40
Details	Url	1	http://27.255.69.209
Details	Url	1	http://27.255.91.238
Details	Url	1	http://106.184.5.30
Details	Url	1	http://airsteel.co.jp/cgi-bin/search/02/06_cgi.php
Details	Url	1	http://gigasolar.jp/images/blog/20131011news-3.php
Details	Url	1	http://www.atnet-photo.com/japan/themes/default/themes.php
Details	Url	1	http://www.primeob.com/include/mpage/store.php
Details	Url	1	http://baby.ests.jp/templates/themes.php
Details	Url	1	http://www.kamomeza.net/coppermine/images/thumb_dom.php
Details	Url	1	http://noukankyo.org/images/about/soshikizu.php
Details	Url	1	http://jmta.co.jp/module/template/plugin/math.php
Details	Url	1	http://i-frontierasia.com/shiryoku/link.php
Details	Url	1	http://leadoffnet.com/img/top/top_12.php
Details	Url	1	http://www.concierge.com.cn/public_html/wp-content/themes/comment.php
Details	Url	1	http://www.wco-kyousai.com/ex-engine/themes/xe_default/conf/info.php
Details	Url	1	http://angelbaby.jpn.cm/html/images/deletecomments.php
Details	Url	1	http://www.infomiracle.info/twitterquest/image/ser.dat
Details	Url	1	http://160.16.243.147/images/cui.jpg
Details	Url	1	http://160.16.243.147/images/ns.jpg
Details	Url	1	http://oan.jp/photo/logo_new.jpg
Details	Url	1	http://oan.jp/photo/logo_old.jpg
Details	Url	1	http://s-city.net/sport/pic1612.jpg
Details	Url	1	http://sha-sigma.com/led/aa.dat
Details	Url	1	http://www.s-city.net/images/beach6.jpg
Details	Url	1	http://www.stylmartin.co.jp/bdflashinfo/ns12.jpg
Details	Url	1	http://www.stylmartin.co.jp/bdflashinfo/pageicons/6.jpg
Details	Url	1	http://www.slvcx.com/t.rar
Details	Url	1	http://www.sinwa-jp.com/works/logo-unix.php
Details	Url	1	http://www.baiya.jp/2014dressnumber/images/logo-unix.php
Details	Windows Registry Key	2	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer