Tropic Trooper Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues prioritized.

Lang

  • en: 134
  • zh: 12
  • pl: 3
  • de: 3
  • fr: 2

Country

  • hk: 69
  • cn: 55
  • us: 22
  • pl: 3
  • gb: 2

Actors

  • Tropic Trooper: 88

Activities, Interest and Type charts: no data is available in this view (the source shows only locked placeholder data).

Vulnerabilities

#  | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2  | D-Link DAP-1360 Telnet Service authorization | 8.5 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00 | CVE-2019-18666
3  | Mailman input validation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-13796
4  | Oracle WebLogic Server Core Components Remote Code Execution | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2017-3248
5  | Joomla CMS denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | CVE-2014-7229
6  | Allegro RomPager Cookie code | 7.3 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.07 | CVE-2014-9222
7  | Extreme EXOS access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2017-14330
8  | F5 BIG-IP Advanced WAF/BIG-IP ASM MySQL Database resource consumption | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-23053
9  | contact-form-7 Plugin register_post_type access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-20979
10 | ThinkPHP Query.php aggregate sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2018-18530
11 | Question2Answer qa-install.php User input validation | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2017-12775
12 | Hikvision DS-2CDxxxxx improper authentication | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2017-7921
13 | Brocade Network Advisor FileReceiveServlet path traversal | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2016-8204
14 | WordPress Thumbnail input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2017-1000600
15 | phpThumb Default Configuration server-side request forgery | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2013-6919
16 | Cisco ASA IKEv1/IKEv2 ikev2_add_rcv_frag memory corruption | 9.9 | 8.9 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2016-1287
17 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.17 | CVE-2017-5611
18 | Citrix Netscaler Gateway Cookie gateway_login_form_view.js cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2016-4945
19 | Google Android Display memory corruption | 6.5 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2018-5909
20 | floragunn Search Guard Plugin Login Page injection | 6.6 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2018-20698

Campaigns (2)

These are the campaigns that can be associated with the actor:

  • Poison Ivy
  • USBferry

IOC - Indicator of Compromise (47)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1  | 10.196.132.154 | | | High
2  | 23.27.112.216 | | Poison Ivy | High
3  | 23.234.27.100 | | | High
4  | 27.126.176.169 | | | High
5  | 27.126.186.74 | krakow.intellectint.net | | High
6  | 27.126.186.222 | grupos.slidefresh.net | | High
7  | 45.32.47.148 | 45.32.47.148.vultr.com | | Medium
8  | 45.125.12.147 | spk.cloudie.hk | | High
9  | 45.127.97.222 | | | High

Rows 10 to 47 are masked in the source (XX.XXX.XXX.XXX placeholders); all but the masked rows shown above are marked with confidence "High".

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1  | File | /.ssh/authorized_keys | High
2  | File | /cgi-bin/api-get_line_status | High
3  | File | /export | Low
4  | File | /getcfg.php | Medium
5  | File | /includes/rrdtool.inc.php | High
6  | File | /onvif/device_service | High
7  | File | /SSOPOST/metaAlias/%realm%/idpv2 | High
8  | File | /uncpath/ | Medium

Rows 9 to 78 are masked in the source; by class they are File (rows 9 to 45), Library (rows 46 to 48), Argument (rows 49 to 74), Input Value (rows 75 to 76) and Network Port (rows 77 to 78).
