Tropic Trooper Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Idioma

en	986
zh	14

País

us	982
cn	8
hk	6
gw	4

Actores

Tropic Trooper	5
Cobalt Strike	2
KeyBoy	1
Zegost	1
Conti	1

Interesar

Escribe

Not Defined	12
E-Commerce Management Software	6
Router Operating System	4
Server Management Software	4
Network Attached Storage Software	4

Proveedor

SourceCodester	6
Not Defined	4
VMware	4
QNAP	4
IBM	2

Producto

SourceCodester Alphaware Simple E-Commerce System	4
VMware vCenter Server	4
VMware Cloud Foundation	4
QNAP QTS	4
IBM API Connect	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	TRENDNet TEW-811DRU httpd guestnetwork.asp desbordamiento de búfer	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.14	CVE-2023-0617
2	TRENDnet TEW-652BRP Web Service cfg_op.ccp desbordamiento de búfer	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.04	CVE-2023-0618
3	TRENDnet TEW-652BRP Web Management Interface get_set.ccp escalada de privilegios	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.11	CVE-2023-0611
4	TRENDnet TEW-811DRU Web Management Interface wan.asp desbordamiento de búfer	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.05	CVE-2023-0637
5	TRENDnet TEW-652BRP Web Interface ping.ccp escalada de privilegios	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.07	CVE-2023-0640
6	TRENDnet TEW-811DRU httpd security.asp desbordamiento de búfer	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2023-0613
7	Netgear WNDR3700v2 Web Interface denegación de servicio	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.04	CVE-2023-0850
8	TP-Link Archer C50 Web Management Interface denegación de servicio	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.04	CVE-2023-0936
9	SourceCodester E-Commerce System cross site scripting	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.04	CVE-2023-1569
10	Ubiquiti EdgeRouter X OSPF escalada de privilegios [Disputa]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00934	0.08	CVE-2023-1458
11	SourceCodester Alphaware Simple E-Commerce System sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.00	CVE-2023-1504
12	SourceCodester E-Commerce System setDiscount.php sql injection	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.14	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.04	CVE-2023-1502
14	SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.07	CVE-2023-1503
15	IBM API Connect HTTP Request escalada de privilegios	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00091	0.05	CVE-2022-34350
16	WangEditor index.js cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2023-24251
17	VMware vCenter Server/Cloud Foundation DCERPC Protocol divulgación de información	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00068	0.04	CVE-2023-20896
18	PbootCMS cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.11	CVE-2024-1018
19	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.03	CVE-2022-21664
20	Orchard CMS HTML Modal Dialog cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.02	CVE-2022-32173

Campañas (2)

These are the campaigns that can be associated with the actor:

Poison Ivy
Xxxxxxxx

IOC - Indicator of Compromise (78)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	10.196.132.154		Tropic Trooper		2020-12-21	verified	Alto
2	23.27.112.216		Tropic Trooper	Poison Ivy	2020-12-21	verified	Alto
3	23.234.27.100		Tropic Trooper		2020-12-21	verified	Alto
4	27.126.176.169		Tropic Trooper		2020-12-21	verified	Alto
5	27.126.186.74	krakow.intellectint.net	Tropic Trooper		2020-12-21	verified	Alto
6	27.126.186.222	grupos.slidefresh.net	Tropic Trooper		2020-12-21	verified	Alto
7	43.129.177.152		Tropic Trooper		2022-07-29	verified	Alto
8	43.134.194.237		Tropic Trooper		2022-07-29	verified	Alto
9	43.154.74.7		Tropic Trooper		2022-07-29	verified	Alto
10	43.154.85.5		Tropic Trooper		2022-07-29	verified	Alto
11	43.154.88.192		Tropic Trooper		2022-07-29	verified	Alto
12	45.32.47.148	45.32.47.148.vultr.com	Tropic Trooper		2020-12-23	verified	Medio
13	45.76.218.247	45.76.218.247.vultrusercontent.com	Tropic Trooper		2022-07-29	verified	Alto
14	45.77.178.47	45.77.178.47.vultrusercontent.com	Tropic Trooper		2022-07-29	verified	Alto
15	45.77.214.244		Tropic Trooper		2022-02-22	verified	Alto
16	45.125.12.147	spk.cloudie.hk	Tropic Trooper		2020-12-21	verified	Alto
17	XX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
18	XX.XX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
19	XX.XXX.XXX.X		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
20	XX.XXX.XXX.XX		Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
21	XX.XXX.XX.XXX		Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
22	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
23	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
24	XX.XXX.XX.XX	xx-xxx-xx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
25	XX.XXX.XXX.XX	xxxx-xx-xxx-xxx-xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
26	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
27	XX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
28	XX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
29	XXX.XX.XX.XX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
30	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
31	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
32	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
33	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
34	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
35	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
36	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
37	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
38	XXX.XXX.XXX.XXX	xxx.xxxxxxx-xxx-xxx.xxxxxxx.xxxxxx.xx	Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
39	XXX.XX.XXX.XX		Xxxxxx Xxxxxxx		2020-12-23	verified	Alto
40	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
41	XXX.XX.XXX.XX		Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
42	XXX.XXX.XX.XX		Xxxxxx Xxxxxxx		2022-08-04	verified	Alto
43	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
44	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xxx.xx	Xxxxxx Xxxxxxx		2022-08-04	verified	Alto
45	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
46	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx		2022-08-04	verified	Alto
47	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
48	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
49	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxxxxx.xxxxxxx.xx	Xxxxxx Xxxxxxx	Xxxxxxxx	2020-12-21	verified	Alto
50	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
51	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
52	XXX.X.XX.XX	xxx-x-xx-xx.xxxxxx.xxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
53	XXX.XX.X.XX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
54	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
55	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
56	XXX.X.XX.XX		Xxxxxx Xxxxxxx		2020-12-23	verified	Alto
57	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-02-22	verified	Alto
58	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2022-02-22	verified	Alto
59	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
60	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
61	XXX.XX.XXX.XX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
62	XXX.XX.XXX.XX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
63	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
64	XXX.XXX.XX.X	xxx.xxx.xx.x.xxxxxx.xxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
65	XXX.XXX.XX.X		Xxxxxx Xxxxxxx		2020-12-23	verified	Alto
66	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
67	XXX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxxx.xxxxx.xxx	Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
68	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxx		2020-12-23	verified	Alto
69	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx-xx.xxxxxxxx.xxx	Xxxxxx Xxxxxxx		2022-02-22	verified	Alto
70	XXX.XXX.XXX.X	xxx-xxxxxx.xxxxxx-xx-xxxxx.xxx	Xxxxxx Xxxxxxx		2022-02-22	verified	Alto
71	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
72	XXX.XXX.X.XX	xx-x-xxx-xxx-xxxxxxxxx.xxxxxxxx.xxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
73	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxxxx.xxxxxxx.xxx.xx	Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto
74	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
75	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
76	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxx		2022-07-29	verified	Alto
77	XXX.XXX.XX.XXX	xxxxxxxx.xxxxx.xxxxx	Xxxxxx Xxxxxxx		2020-12-21	verified	Alto
78	XXX.XX.XX.XXX		Xxxxxx Xxxxxxx	Xxxxxx Xxx	2020-12-21	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/admin.php?p=/Area/index#tab=t2	predictive	Alto
2	File	/dist/index.js	predictive	Alto
3	File	/ecommerce/admin/settings/setDiscount.php	predictive	Alto
4	File	/wireless/guestnetwork.asp	predictive	Alto
5	File	/xxxxxxxx/xxxxxxxx.xxx	predictive	Alto
6	File	xxxxx/xxxxx_xxxxx.xxx	predictive	Alto
7	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Alto
8	File	xxx_xx.xxx	predictive	Medio
9	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Alto
10	File	xxx_xxx.xxx	predictive	Medio
11	File	xxxx.xxx	predictive	Medio
12	File	xxx/xxxx_xx_xxx.x	predictive	Alto
13	File	xxx.xxx	predictive	Bajo
14	Library	xxx/xxxxxxx.xxx.xxx	predictive	Alto
15	Argument	xxxx	predictive	Bajo
16	Argument	xxxxxx_xxx_xx	predictive	Alto
17	Argument	xxxxxxxx	predictive	Medio
18	Argument	xxxxx/xxxxxxxx	predictive	Alto
19	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Alto
20	Argument	xx	predictive	Bajo
21	Argument	xxxx	predictive	Bajo
22	Argument	xxxxxx_xxx	predictive	Medio
23	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
24	Argument	x_xxxx	predictive	Bajo
25	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Alto
26	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	Alto
27	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Alto
28	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Alto
29	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Alto

Referencias (12)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!