Joker Analysis

IOB - Indicator of Behavior (131)

Timeline

Language

en 128
zh 4

Country/Region

cn 84
tt 10
us 10
id 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android 6
Linux Kernel 6
Qualcomm Snapdragon Mobile 6
Eximious Logo Designer 4
Qualcomm Snapdragon Auto 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Microsoft Windows Message Queuing Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.95576 | 0.04 | CVE-2023-21554
2 | Spring Framework unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.04 | CVE-2020-5397
3 | Linux Kernel EXT4 File System jbd2_journal_dirty_metadata memory corruption | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2018-10883
4 | Alibaba Nacos Access Prompt Page privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05165 | 0.03 | CVE-2021-43116
5 | Yoast WordPress SEO Authentication class-bulk-editor-list-table.php unknown vulnerability | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00574 | 0.00 | CVE-2015-2293
6 | MStore API Plugin weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00209 | 0.00 | CVE-2023-2733
7 | Cesanta Mongoose mongoose.c memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.43413 | 0.00 | CVE-2019-19307
8 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | more than $100k | $5k-$25k | Unproven | Official Fix | 0.02246 | 0.06 | CVE-2022-26809
9 | Palo Alto PAN-OS Command Line Interface privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.00 | CVE-2021-3061
10 | Google Chrome memory corruption | 8.9 | 8.7 | more than $100k | $5k-$25k | Not Defined | Official Fix | 0.00223 | 0.00 | CVE-2010-4040
11 | SolarWinds Kiwi Syslog Server HTTP Header privilege escalation | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.00 | CVE-2021-35237
12 | Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11608 | 0.05 | CVE-2017-16894
13 | Vmware SD-WAN Orchestrator weak authentication | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2020-4001
14 | HPE integrated Lights Out privilege escalation | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01297 | 0.05 | CVE-2018-7078
15 | HPE iLO 4/iLO 5 privilege escalation | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00895 | 0.03 | CVE-2018-7105
16 | Observium Professional/Enterprise/Community inc.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00238 | 0.00 | CVE-2020-25133
17 | dom4j XML External Entity | 8.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00664 | 0.05 | CVE-2020-10683
18 | Uniqkey Password Manager Credentials privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00278 | 0.04 | CVE-2019-10884
19 | Uniqkey Password Manager Credentials information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00562 | 0.04 | CVE-2019-10676
20 | GAT-Ship Web Module File Upload privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00716 | 0.04 | CVE-2019-11028

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 1.3.1.6 |  | Joker |  | 2019-09-15 |  | verified
2 | 1.3.2.8 |  | Joker |  | 2019-09-15 |  | verified
3 | 1.45.76.1 |  | Joker |  | 2019-09-15 |  | verified
4 | 2.1.5.3 |  | Joker |  | 2019-09-15 |  | verified
5 | 3.1.5.3 | ec2-3-1-5-3.ap-southeast-1.compute.amazonaws.com | Joker |  | 2019-09-15 |  | verified
6 | 3.122.143.26 | ec2-3-122-143-26.eu-central-1.compute.amazonaws.com | Joker |  | 2022-04-20 |  | verified
7 | X.X.X.X | xxxxxxx-xxx-xxx-xxx-xxx.x.x.xxxx.xxxxxxxxxx.xx | Xxxxx |  | 2019-09-15 |  | verified
8 | X.XX.XX.X | xxxxxxxxx.xxxxxx-xxxxxxxx.xxx.xxxxxxxxx.xx | Xxxxx |  | 2020-07-09 |  | verified
9 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxx | Xxxxx |  | 2022-08-10 |  | verified
10 | XX.X.XX.XX | x-xx-x-xx-xx.xxxx.xx.xxxxxxx.xxx | Xxxxx |  | 2019-09-15 |  | verified
11 | XX.XX.X.X |  | Xxxxx |  | 2019-09-15 |  | verified
12 | XX.XX.XX.X |  | Xxxxx |  | 2019-09-15 |  | verified
13 | XX.XX.X.X |  | Xxxxx |  | 2019-09-15 |  | verified
14 | XX.XX.X.X |  | Xxxxx |  | 2019-09-15 |  | verified
15 | XX.XX.X.X |  | Xxxxx |  | 2019-09-15 |  | verified
16 | XX.XX.XXX.XXX |  | Xxxxx |  | 2022-08-10 |  | verified
17 | XX.XXX.X.XX |  | Xxxxx |  | 2022-08-10 |  | verified
18 | XX.XXX.XXX.XXX |  | Xxxxx |  | 2022-04-20 |  | verified
19 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxx | Xxxxx |  | 2022-08-10 |  | verified
20 | XXX.XXX.XXX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
21 | XXX.XXX.XX.XXX |  | Xxxxx |  | 2022-08-10 |  | verified
22 | XXX.XXX.XX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
23 | XXX.XXX.XX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
24 | XXX.XXX.XX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
25 | XXX.XXX.XXX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
26 | XXX.XX.XXX.XX |  | Xxxxx |  | 2022-08-10 |  | verified
27 | XXX.XX.XXX.XX |  | Xxxxx |  | 2022-08-10 |  | verified

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env |  | predictive
2 | File | /htdocs/admin/dict.php?id=3 |  | predictive
3 | File | /wbg/core/_includes/authorization.inc.php |  | predictive
4 | File | admin/app/mediamanager |  | predictive
5 | File | admin/class-bulk-editor-list-table.php |  | predictive
6 | File | app/call_centers/cmd.php |  | predictive
7 | File | xxx\xxxx\xxxxxxxxxx.xxx |  | predictive
8 | File | xxxxxx.x |  | predictive
9 | File | xxx.xxx |  | predictive
10 | File | xxxxxxxxxxxx.xxx |  | predictive
11 | File | xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x |  | predictive
12 | File | xxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.x |  | predictive
13 | File | xxx/xxxxxxx/xxxxxxx.x |  | predictive
14 | File | xx/xxxxx/xxxxxx-xxxx.x |  | predictive
15 | File | xxxxxx/xxxxxxxxx |  | predictive
16 | File | xxx.xxx |  | predictive
17 | File | xxx/xxxxxxxxx_xxxxxx.xxx |  | predictive
18 | File | xxxxxx/xxxx/xxxxxxxxxxx.x |  | predictive
19 | File | xxx.x |  | predictive
20 | File | xxxxxxxx.x |  | predictive
21 | File | xxxxxxx/xxxxx-xxxx-xxx/xxx/xxxx-xxx.x |  | predictive
22 | File | xxx/xxxx/xxxx_xxxxxxxxx.x |  | predictive
23 | File | xxxxxx.x |  | predictive
24 | File | xxxxxxxxx\xxxxxx.xxx |  | predictive
25 | File | xxxxxxx.xx |  | predictive
26 | File | xxxxx/_xxxxxxxx.xxx |  | predictive
27 | File | xxxxxxxxxxx.xx |  | predictive
28 | Argument | xxxxxxx-xxxxxx |  | predictive
29 | Argument | xxxxxx/xxxxxxx |  | predictive
30 | Argument | xxxxxxx |  | predictive
31 | Argument | xxxx |  | predictive
32 | Argument | xxxxxx |  | predictive
33 | Argument | xxxxxx |  | predictive
34 | Argument | xxxxx |  | predictive
35 | Argument | xxxxx |  | predictive
36 | Argument | xxxxxx xxxxxxxxx |  | predictive
37 | Argument | xxxxx |  | predictive
38 | Argument | xxxxxxxx |  | predictive
39 | Argument | xxxxx['xxxxxx_xxxxxxx'] |  | predictive
40 | Argument | xxx_xxxxx |  | predictive
41 | Input Value | ../ |  | predictive
42 | Input Value | xxxx%xxxxx |  | predictive
43 | Network Port | xxx/xxxx |  | predictive

References (4)

The following list contains external sources which discuss the actor and the associated activities:
