JasperLoader Analysis

IOB - Indicator of Behavior (54)

Timeline

Language

en: 48
de: 4
ru: 2

Country

us: 34
cn: 10
ir: 2
tr: 2
in: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Kemp LoadMaster Operating System: 2
Accellion Kiteworks: 2
SugarCRM: 2
Plesk Obsidian: 2
QlikTech Qlikview: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00208 | 0.02 | CVE-2020-17373
2 | Xerox WorkCentre privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2018-20767
3 | Accellion Kiteworks API Call token weak authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.00 | CVE-2017-9421
4 | Plesk Obsidian REST API commands cross site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.03 | CVE-2022-45130
5 | Delta Electronics DX-2100-L1-CN urlfilter cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-42141
6 | Delta Electronics DX-2100-L1-CN net_diagnose privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00188 | 0.00 | CVE-2022-42140
7 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06124 | 0.00 | CVE-2020-11022
8 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.04 | CVE-2021-33193
9 | Google Android Kernel buffer overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00064 | 0.03 | CVE-2021-1048
10 | TP-Link WRD4300 Web Interface information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16811 | 0.04 | CVE-2020-35575
11 | Teradici PCoIP Agent/PCoIP Client PCoIP.exe privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-20362
12 | QlikTech Qlikview XML Data AccessPoint.aspx XML External Entity | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04446 | 0.00 | CVE-2015-3623
13 | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2020-11012
14 | Jitbit Helpdesk Password Reset Link PRNG weak encryption | 5.9 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.17119 | 0.00 | CVE-2017-18486
15 | 3CX Phone System Management Console directory traversal | 5.4 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00275 | 0.02 | CVE-2017-15359
16 | nextgen-gallery Plugin directory traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2018-7586
17 | SiteBuilder SiteBuilder Elite privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00795 | 0.02 | CVE-2008-1123
18 | K2 Component Access Control directory traversal | 7.0 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00159 | 0.00 | CVE-2018-7482
19 | Joomla CMS Hathor postinstall Message sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.17094 | 0.00 | CVE-2018-6376
20 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.158.249.116 | tropical.nordicsurge.com | JasperLoader | | 13/04/2022 | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxxxxx | | | 13/04/2022 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive | High
2 | File | /.vnc/sesman_${username}_passwd | predictive | High
3 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
4 | File | /api/v2/cli/commands | predictive | High
5 | File | /xxxx/x_xxxxxx_xxxxxxxx_xxxxx | predictive | High
6 | File | /xxxxx/xxxxx | predictive | Medium
7 | File | /xxx/xxx/xxx | predictive | Medium
8 | File | /xxx-x | predictive | Low
9 | File | /xxxxxxx/ | predictive | Medium
10 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High
11 | File | xxxxxxxxxxx.xxxx | predictive | High
12 | File | xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxx/xxxxxx.xxx | predictive | High
14 | File | xxxxx/xxx_xxxxxxxx | predictive | High
15 | File | xxxxx/xxxxxxxxx | predictive | High
16 | File | xxxx.xxx | predictive | Medium
17 | File | xxxxx_xxxxxxxx.xxx | predictive | High
18 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
19 | File | xxxx.xxx | predictive | Medium
20 | File | xx-xxxxx/xxxx-xxx-xxxx.xxx | predictive | High
21 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | predictive | High
22 | Argument | xxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx | predictive | Medium
24 | Argument | xxx | predictive | Low
25 | Argument | xxxx/xxxxx/xxxxx_xxxxxxxxxxx | predictive | High
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xx | predictive | Low
28 | Argument | x_xxxxxxxx | predictive | Medium
29 | Argument | xxxx_xxxx | predictive | Medium
30 | Argument | xxxxxx | predictive | Low
31 | Argument | xxxxx | predictive | Low
32 | Argument | xxxxxxxx | predictive | Medium
33 | Network Port | xxxx | predictive | Low
34 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
