JasperLoader Analysis

IOB - Indicator of Behavior (51)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 46
es: 2
ru: 2
de: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Accellion Kiteworks: 4
SolarWinds Serv-U FTP Server: 2
MobileIron Virtual Smartphone Platform: 2
DZCP deV!L`z Clanportal: 2
Oracle Fusion Middleware: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00890 | CVE-2020-17373
2 | Xerox WorkCentre input validation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01156 | CVE-2018-20767
3 | Accellion Kiteworks API Call token improper authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2017-9421
4 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.52164 | CVE-2020-11022
5 | Apache HTTP Server mod_proxy access control | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.03032 | CVE-2021-33193
6 | Google Android Kernel use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01036 | CVE-2021-1048
7 | TP-Link WRD4300 Web Interface information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01213 | CVE-2020-35575
8 | Teradici PCoIP Agent/PCoIP Client PCoIP.exe unquoted search path | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01036 | CVE-2019-20362
9 | QlikTech Qlikview XML Data AccessPoint.aspx xml external entity reference | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.08382 | CVE-2015-3623
10 | MinIO Admin API authentication bypass | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01018 | CVE-2020-11012
11 | Jitbit Helpdesk Password Reset Link PRNG entropy | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.32306 | CVE-2017-18486
12 | 3CX Phone System Management Console path traversal | 5.4 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.07308 | CVE-2017-15359
13 | nextgen-gallery Plugin path traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2018-7586
14 | SiteBuilder SiteBuilder Elite code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.04187 | CVE-2008-1123
15 | K2 Component Access Control path traversal | 7.0 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00885 | CVE-2018-7482
16 | Joomla CMS Hathor postinstall Message sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.14991 | CVE-2018-6376
17 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.94 | 0.04187 | CVE-2010-0966
18 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.69867 | CVE-2020-35489
19 | mPDF Web Application getImage server-side request forgery | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2018-19047
20 | WordPress wpdb->prepare sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01183 | CVE-2017-16510

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 185.158.249.116 | tropical.nordicsurge.com | JasperLoader | | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxxxxx | | | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive | High
2 | File | /.vnc/sesman_${username}_passwd | predictive | High
3 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
4 | File | /mics/j_spring_security_check | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
