IoTroop Analysis

IOB - Indicator of Behavior (16)

Language: en (12), zh (2), it (2)

Country/Region: cn (14), us (2)

Product: Weaver OA (2), Joomla CMS (2), Intellian Aptus Web (2), VMware Horizon Client (2), VMware Horizon (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Oracle Communications Cloud Native Core Network Data Analytics Function Automated Test Suite privilege escalation | 9.1 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00367 | 0.02 | CVE-2023-44981
2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93457 | 0.04 | CVE-2023-47246
3 | Weaver OA jx2_config.ini privilege escalation | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03767 | 0.18 | CVE-2023-2766
4 | TP-LINK TL-WDR5620 privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.04 | CVE-2019-6487
5 | QNAP QTS Helpdesk privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.03 | CVE-2020-2507
6 | BigBlueButton directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00682 | 0.03 | CVE-2020-12443
7 | IBM Spectrum Protect Plus directory traversal | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2020-4711
8 | VMware Horizon Client/Horizon Message Framework Library information disclosure | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00379 | 0.03 | CVE-2018-6970
9 | Joomla CMS com_contenthistory information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00307 | 0.03 | CVE-2015-7859
10 | ifw8 Router ROM HTML Source Code usermanager.htm Credentials information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04059 | 0.07 | CVE-2019-16313
11 | Intellian Aptus Web libagent.cgi privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97015 | 0.00 | CVE-2020-7980
12 | Plohni Advanced Comment System Installation index.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00997 | 0.06 | CVE-2009-4623
13 | Django SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00742 | 0.00 | CVE-2020-7471
14 | D-Link DIR-806 privilege escalation | 8.5 | 8.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00425 | 0.03 | CVE-2019-10891
15 | Microsoft ASP.NET Security Feature weak authentication | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00424 | 0.04 | CVE-2018-8171
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 27.102.101.121 | | IoTroop | | 2022-02-12 | | verified
2 | XXX.XXX.XX.XXX | | Xxxxxxx | | 2022-02-12 | | verified

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | | predictive
2 | File | action/usermanager.htm | | predictive
3 | File | xxxx/xxxxxxxxxxxxxxx.xxx | | predictive
4 | File | xxxxx.xxx | | predictive
5 | Library | xxx-xxx/xxxxxxxx.xxx | | predictive
6 | Argument | xxx_xxxx | | predictive
7 | Argument | xxxxxxxx | | predictive
8 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxx | | predictive
9 | Input Value | /../ | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
