BRONZE VINEWOOD
SUMMARY
BRONZE VINEWOOD has targeted legal, consulting, and software development organizations. CTU research also suggests that organizations that operate in government or defense supply chains, or that provide services to those organizations, are at increased risk from targeted threat groups like BRONZE VINEWOOD.
The group has used a range of tools for initial access, persistence, and lateral movement, including SQL injection, Trochilus RAT, HanaRat, and other malware. Stolen data has been compressed as RAR files and staged in Temp directories on compromised servers prior to exfiltration. The group uses a variety of command and control servers to make it harder to link BRONZE VINEWOOD intrusions. The group has also used public sites such as GitHub and Dropbox for command and control.
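A detection sketch for the staging behaviour described above, added here as an example and not taken from the original page or from CTU: it sweeps temp directories for files that begin with a RAR signature, whatever extension they carry. The function names, the `min_size` parameter and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# RAR 1.5-4.x and RAR 5.x archive signatures.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

def rar_version(path):
    """Return 'RAR4', 'RAR5' or None from the file's leading bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(RAR5_MAGIC))
    except OSError:
        return None  # unreadable file: skip it rather than abort the sweep
    if head.startswith(RAR5_MAGIC):
        return "RAR5"
    return "RAR4" if head.startswith(RAR4_MAGIC) else None

def find_staged_archives(temp_dirs, min_size=0):
    """Report RAR archives under temp_dirs by content, not by file name."""
    hits = []
    for root in temp_dirs:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                version = rar_version(path)
                if version is None or os.path.getsize(path) < min_size:
                    continue
                hits.append({"path": path, "format": version,
                             "size": os.path.getsize(path),
                             "renamed": not name.lower().endswith(".rar")})
    return sorted(hits, key=lambda h: h["path"])

def build_sample_tree(root):
    """Constructed sample data: two RAR-headed files and one text file."""
    os.makedirs(os.path.join(root, "sub"), exist_ok=True)
    samples = {"a.rar": RAR4_MAGIC + b"\x00" * 32,
               os.path.join("sub", "update.tmp"): RAR5_MAGIC + b"\x00" * 32,
               "notes.txt": b"plain text"}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_staged_archives([tmp]):
            print(hit)
```

On a server, pass the system and per-user Temp paths as `temp_dirs`; hits with `renamed` set are archives whose extension does not match their content.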
Threat Analysis: BRONZE VINEWOOD Targets Supply Chains
Threat Analysis: DropboxAES Remote Access Trojan