IoTroop Analysis

IOB - Indicator of Behavior (16)

Language

en: 14
it: 2

Country

cn: 14
us: 2

Product

ifw8 Router ROM: 2
SysAid On-Premise: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
QNAP QTS: 2
Django: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Oracle Communications Cloud Native Core Network Data Analytics Function Automated Test Suite privilege escalation | 9.1 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00367 | CVE-2023-44981 |
| 2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | Calculating | High | Official Fix | 0.05 | 0.94027 | CVE-2023-47246 |
| 3 | Weaver OA jx2_config.ini privilege escalation | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.04166 | CVE-2023-2766 |
| 4 | TP-LINK TL-WDR5620 privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00189 | CVE-2019-6487 |
| 5 | QNAP QTS Helpdesk privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00315 | CVE-2020-2507 |
| 6 | BigBlueButton directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00682 | CVE-2020-12443 |
| 7 | IBM Spectrum Protect Plus directory traversal | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00154 | CVE-2020-4711 |
| 8 | VMware Horizon Client/Horizon Message Framework Library information disclosure | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00379 | CVE-2018-6970 |
| 9 | Joomla CMS com_contenthistory information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00307 | CVE-2015-7859 |
| 10 | ifw8 Router ROM HTML Source Code usermanager.htm Credentials information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.04059 | CVE-2019-16313 |
| 11 | Intellian Aptus Web libagent.cgi privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.97015 | CVE-2020-7980 |
| 12 | Plohni Advanced Comment System Installation index.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00997 | CVE-2009-4623 |
| 13 | Django sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00742 | CVE-2020-7471 |
| 14 | D-Link DIR-806 privilege escalation | 8.5 | 8.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00425 | CVE-2019-10891 |
| 15 | Microsoft ASP.NET Security Feature weak authentication | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00424 | CVE-2018-8171 |
| 16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

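| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 27.102.101.121 | | IoTroop | | 2022-02-12 | verified | High |
| 2 | XXX.XXX.XX.XXX | | Xxxxxxx | | 2022-02-12 | verified | High |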

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High |
| 2 | File | action/usermanager.htm | predictive | High |
| 3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | Library | xxx-xxx/xxxxxxxx.xxx | predictive | High |
| 6 | Argument | xxx_xxxx | predictive | Medium |
| 7 | Argument | xxxxxxxx | predictive | Medium |
| 8 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 9 | Input Value | /../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
