ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Bemstour

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Bemstour

NamesBemstour
CategoryMalware
TypeBackdoor
Description(Symantec) Bemstour exploits two Windows vulnerabilities in order to achieve remote kernel code execution on targeted computers. One vulnerability is a Windows zero-day vulnerability (CVE-2019-0703) discovered by Symantec. The second Windows vulnerability (CVE-2017-0143) was patched in March 2017 after it was discovered to have been used by two exploit tools—EternalRomance and EternalSynergy—that were also released as part of the Shadow Brokers leak.
Information<https://symantec-blogs.broadcom.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Bemstour>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

All groups using tool Bemstour

ChangedNameCountryObserved

APT groups

 APT 3, Gothic Panda, BuckeyeChina2007-Nov 2017X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key