Joker Analysis

IOB - Indicator of Behavior (120)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 112
zh: 8

Country

cn: 72

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 6
Uniqkey Password Manager: 4
Google Android: 4
Cryptocat: 4
ezXML: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Spring Framework cross-site request forgery | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01108 | CVE-2020-5397 |
| 2 | Linux Kernel EXT4 File System jbd2_journal_dirty_metadata out-of-bounds write | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01547 | CVE-2018-10883 |
| 3 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.06 | 0.22240 | CVE-2022-26809 |
| 4 | Palo Alto PAN-OS Command Line Interface os command injection | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02055 | CVE-2021-3061 |
| 5 | Vmware SD-WAN Orchestrator hard-coded password | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2020-4001 |
| 6 | HPE integrated Lights Out privileges management | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02071 | CVE-2018-7078 |
| 7 | HPE iLO 4/iLO 5 7pk security | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02614 | CVE-2018-7105 |
| 8 | Observium Professional/Enterprise/Community inc.php unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01156 | CVE-2020-25133 |
| 9 | dom4j xml external entity reference | 8.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02686 | CVE-2020-10683 |
| 10 | Uniqkey Password Manager Credentials credentials management | 6.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00885 | CVE-2019-10884 |
| 11 | Uniqkey Password Manager Credentials information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2019-10676 |
| 12 | GAT-Ship Web Module File Upload unrestricted upload | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2019-11028 |
| 13 | CMS Web-Gooroo authorization.inc.php sql injection | 8.5 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01564 | CVE-2017-18346 |
| 14 | Upwork Time Tracker Update SHA256 access control | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01005 | CVE-2019-12162 |
| 15 | Kilo Tab integer overflow | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01018 | CVE-2019-16096 |
| 16 | V-Zug Combi-Steam MSLQ improper authentication | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00885 | CVE-2019-17219 |
| 17 | Icewarp Webclient cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.00885 | CVE-2010-5336 |
| 18 | Schlix CMS File Upload mediamanager unrestricted upload | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04571 | CVE-2019-11021 |
| 19 | CoreHR Core Portal Stored cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.00885 | CVE-2019-18221 |
| 20 | Cryptocat XMPP Request ID strophe.js information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01018 | CVE-2013-2262 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (39)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /htdocs/admin/dict.php?id=3 | predictive | High |
| 2 | File | /wbg/core/_includes/authorization.inc.php | predictive | High |
| 3 | File | admin/app/mediamanager | predictive | High |
| 4 | File | app/call_centers/cmd.php | predictive | High |
| 5 | File | app\edit\filedelete.php | predictive | High |
| 6 | File | xxxxxx.x | predictive | Medium |
| 7 | File | xxx.xxx | predictive | Low |
| 8 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x | predictive | High |
| 10 | File | xxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.x | predictive | High |
| 11 | File | xxx/xxxxxxx/xxxxxxx.x | predictive | High |
| 12 | File | xx/xxxxx/xxxxxx-xxxx.x | predictive | High |
| 13 | File | xxxxxx/xxxxxxxxx | predictive | High |
| 14 | File | xxx.xxx | predictive | Low |
| 15 | File | xxx/xxxxxxxxx_xxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx/xxxx/xxxxxxxxxxx.x | predictive | High |
| 17 | File | xxx.x | predictive | Low |
| 18 | File | xxxxxxx/xxxxx-xxxx-xxx/xxx/xxxx-xxx.x | predictive | High |
| 19 | File | xxx/xxxx/xxxx_xxxxxxxxx.x | predictive | High |
| 20 | File | xxxxxx.x | predictive | Medium |
| 21 | File | xxxxxxxxx\xxxxxx.xxx | predictive | High |
| 22 | File | xxxxxxx.xx | predictive | Medium |
| 23 | File | xxxxx/_xxxxxxxx.xxx | predictive | High |
| 24 | File | xxxxxxxxxxx.xx | predictive | High |
| 25 | Argument | xxxxxxx-xxxxxx | predictive | High |
| 26 | Argument | xxxxxx/xxxxxxx | predictive | High |
| 27 | Argument | xxxxxxx | predictive | Low |
| 28 | Argument | xxxx | predictive | Low |
| 29 | Argument | xxxxxx | predictive | Low |
| 30 | Argument | xxxxxx | predictive | Low |
| 31 | Argument | xxxxx | predictive | Low |
| 32 | Argument | xxxxxx xxxxxxxxx | predictive | High |
| 33 | Argument | xxxxx | predictive | Low |
| 34 | Argument | xxxxxxxx | predictive | Medium |
| 35 | Argument | xxxxx['xxxxxx_xxxxxxx'] | predictive | High |
| 36 | Argument | xxx_xxxxx | predictive | Medium |
| 37 | Input Value | ../ | predictive | Low |
| 38 | Input Value | xxxx%xxxxx | predictive | Medium |
| 39 | Network Port | xxx/xxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
