IoTroop Analysis

IOB - Indicator of Behavior (13)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en10
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn12
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

BigBlueButton2
Plohni Advanced Comment System2
Django2
ifw8 Router ROM2
D-Link DIR-8062

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1TP-LINK TL-WDR5620 command injection7.57.5$2k-$5k$0-$1kNot DefinedNot Defined0.000.15362CVE-2019-6487
2QNAP QTS Helpdesk access control7.37.0$2k-$5k$0-$1kNot DefinedOfficial Fix0.000.01055CVE-2020-2507
3BigBlueButton path traversal8.58.2$2k-$5kCalculatingNot DefinedOfficial Fix0.000.01055CVE-2020-12443
4IBM Spectrum Protect Plus path traversal5.45.4$5k-$10k$5k-$10kNot DefinedNot Defined0.030.01055CVE-2020-4711
5VMware Horizon Client/Horizon Message Framework Library out-of-bounds6.46.1$10k-$25k$0-$1kNot DefinedOfficial Fix0.030.00890CVE-2018-6970
6Joomla CMS com_contenthistory information disclosure5.35.1$5k-$10k$0-$1kNot DefinedOfficial Fix0.020.01055CVE-2015-7859
7ifw8 Router ROM HTML Source Code usermanager.htm Credentials insufficiently protected credentials6.46.4$1k-$2k$0-$1kNot DefinedNot Defined0.020.16531CVE-2019-16313
8Intellian Aptus Web libagent.cgi os command injection8.08.0$2k-$5k$0-$1kNot DefinedNot Defined0.000.45466CVE-2020-7980
9Plohni Advanced Comment System Installation index.php code injection7.36.9$2k-$5k$0-$1kProof-of-ConceptNot Defined0.020.13011CVE-2009-4623
10Django sql injection8.58.2$10k-$25k$0-$1kNot DefinedOfficial Fix0.000.24563CVE-2020-7471
11D-Link DIR-806 code injection8.58.1$10k-$25k$0-$1kProof-of-ConceptNot Defined0.060.01055CVE-2019-10891
12Microsoft ASP.NET Security Feature improper authentication7.47.1$25k-$50k$0-$1kNot DefinedOfficial Fix0.060.06416CVE-2018-8171
13Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
127.102.101.121IoTroopverifiedHigh
2XXX.XXX.XX.XXXXxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileaction/usermanager.htmpredictiveHigh
2Filedata/gbconfiguration.datpredictiveHigh
3Filexxxxx.xxxpredictiveMedium
4Libraryxxx-xxx/xxxxxxxx.xxxpredictiveHigh
5Argumentxxx_xxxxpredictiveMedium
6ArgumentxxxxxxxxpredictiveMedium
7Argumentxxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
8Input Value/../predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!