IoTroop Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 14
zh: 2

Country

cn: 16

Actors

Activities

Interest

Timeline

Type

Vendor

Product

QNAP QTS: 2
D-Link DIR-806: 2
IBM Spectrum Protect Plus: 2
ifw8 Router ROM: 2
Weaver OA: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Oracle Communications Cloud Native Core Network Data Analytics Function Automated Test Suite authorization | 9.1 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00367 | 0.02 | CVE-2023-44981
2 | SysAid On-Premise path traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93545 | 0.00 | CVE-2023-47246
3 | Weaver OA jx2_config.ini file access | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07883 | 0.08 | CVE-2023-2766
4 | TP-LINK TL-WDR5620 command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.05 | CVE-2019-6487
5 | QNAP QTS Helpdesk access control | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.03 | CVE-2020-2507
6 | BigBlueButton path traversal | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00682 | 0.04 | CVE-2020-12443
7 | IBM Spectrum Protect Plus path traversal | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00211 | 0.00 | CVE-2020-4711
8 | VMware Horizon Client/Horizon Message Framework Library out-of-bounds | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00318 | 0.05 | CVE-2018-6970
9 | Joomla CMS com_contenthistory information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00307 | 0.04 | CVE-2015-7859
10 | ifw8 Router ROM HTML Source Code usermanager.htm Credentials insufficiently protected credentials | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02354 | 0.00 | CVE-2019-16313
11 | Intellian Aptus Web libagent.cgi os command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.96876 | 0.03 | CVE-2020-7980
12 | Plohni Advanced Comment System Installation index.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00826 | 0.04 | CVE-2009-4623
13 | Django sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01036 | 0.04 | CVE-2020-7471
14 | D-Link DIR-806 code injection | 8.5 | 8.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00425 | 0.04 | CVE-2019-10891
15 | Microsoft ASP.NET Security Feature improper authentication | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00424 | 0.08 | CVE-2018-8171
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.101.121 | | IoTroop | | 02/12/2022 | verified | High
2 | XXX.XXX.XX.XXX | | Xxxxxxx | | 02/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
2 | File | action/usermanager.htm | predictive | High
3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
4 | File | xxxxx.xxx | predictive | Medium
5 | Library | xxx-xxx/xxxxxxxx.xxx | predictive | High
6 | Argument | xxx_xxxx | predictive | Medium
7 | Argument | xxxxxxxx | predictive | Medium
8 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
9 | Input Value | /../ | predictive | Low
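The IOC table above exposes one unmasked IP address, and the IOA table two unmasked file paths plus the /../ input value; the masked entries cannot be used. The following Python snippet is an added example, not part of this page or of the vendor's tooling: it matches exactly those unmasked indicators against web-server access log lines in Common Log Format. The log lines are constructed for the example. Decoding the request target up to three times before matching is an assumption of the example (so that encoded traversal such as %2e%2e%2f or %252e%252e%252f is still caught); the page makes no statement about how the actor encodes requests.

```python
import re
from urllib.parse import unquote

# Indicators copied from the IOC / IOA tables of this page (unmasked entries only).
IOC_IPS = {"27.102.101.121"}
IOA_PATH_FRAGMENTS = {
    "jx2_config.ini": "/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini",
    "usermanager.htm": "action/usermanager.htm",
}
IOA_TRAVERSAL = "/../"

# Common Log Format as written by Apache/nginx: client ip, ident, user, [timestamp],
# "METHOD target PROTOCOL", status, bytes.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def normalize_target(target):
    """Percent-decode the request target until it stops changing (at most 3
    rounds, an assumption of this example) and turn backslashes into slashes,
    so that %2e%2e%2f, %252e%252e%252f and ..\\ all compare as '/../'."""
    prev = None
    for _ in range(3):
        if target == prev:
            break
        prev, target = target, unquote(target)
    return target.replace("\\", "/")


def match_line(line):
    """Return a hit record for one log line, or None when no indicator matches."""
    m = CLF_RE.match(line)
    if not m:
        return None
    hits = []
    if m["ip"] in IOC_IPS:
        hits.append("ioc-ip")
    target = normalize_target(m["target"])
    for name, fragment in IOA_PATH_FRAGMENTS.items():
        # Match the full path from the table, or a bare request for the file name.
        if fragment in target or target.split("?", 1)[0].endswith("/" + name):
            hits.append("ioa-file:" + name)
    if IOA_TRAVERSAL in target:
        hits.append("ioa-traversal")
    if not hits:
        return None
    return {"ip": m["ip"], "target": m["target"], "status": m["status"], "hits": hits}


def scan(lines):
    """Run match_line over an iterable of log lines and keep only the hits."""
    return [r for r in (match_line(line) for line in lines) if r]


# Constructed sample log lines for the example (addresses other than the IOC are
# documentation ranges, RFC 5737).
SAMPLE_LOG = [
    '27.102.101.121 - - [12/Feb/2022:10:00:01 +0000] "GET /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Feb/2022:10:00:05 +0000] "GET /cgi-bin/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 153',
    '198.51.100.7 - - [12/Feb/2022:10:00:09 +0000] "POST /action/usermanager.htm HTTP/1.1" 200 88',
    '203.0.113.5 - - [12/Feb/2022:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["target"], ",".join(hit["hits"]))
```

A raw string match on "/../" alone would miss the second sample line; the decoding step is what makes the low-confidence traversal indicator worth keeping. Hits on the IP alone are noisier than hits that combine the IP with one of the file paths, so a rule built from this should weight the combined case higher.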

References (2)

The following list contains external sources which discuss the actor and the associated activities:
