JasperLoader Analysis

IOB - Indicator of Behavior (54)

Timeline

Languages

en: 44
de: 6
ru: 2
es: 2

Country / Region

Actors

Activities

Interest

Timeline

Type

Vendor

Products

Accellion Kiteworks: 4
Kemp LoadMaster Operating System: 2
Delta Electronics DX-2100-L1-CN: 2
Ucweb UC Browser: 2
Xerox WorkCentre: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SugarCRM SQL Injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00208 | 0.02 | CVE-2020-17373 |
| 2 | Xerox WorkCentre Privilege Escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2018-20767 |
| 3 | Accellion Kiteworks API Call token Weak Authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.00 | CVE-2017-9421 |
| 4 | Plesk Obsidian REST API commands Unknown Vulnerability | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.03 | CVE-2022-45130 |
| 5 | Delta Electronics DX-2100-L1-CN urlfilter Cross-Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-42141 |
| 6 | Delta Electronics DX-2100-L1-CN net_diagnose Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00188 | 0.00 | CVE-2022-42140 |
| 7 | jQuery html Cross-Site Scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06124 | 0.00 | CVE-2020-11022 |
| 8 | Apache HTTP Server mod_proxy Privilege Escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.04 | CVE-2021-33193 |
| 9 | Google Android Kernel Memory Corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00064 | 0.03 | CVE-2021-1048 |
| 10 | TP-Link WRD4300 Web Interface Information Disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16811 | 0.04 | CVE-2020-35575 |
| 11 | Teradici PCoIP Agent/PCoIP Client PCoIP.exe Privilege Escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-20362 |
| 12 | QlikTech Qlikview XML Data AccessPoint.aspx XML External Entity | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04446 | 0.00 | CVE-2015-3623 |
| 13 | MinIO Admin API Weak Authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2020-11012 |
| 14 | Jitbit Helpdesk Password Reset Link PRNG Weak Encryption | 5.9 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.17119 | 0.00 | CVE-2017-18486 |
| 15 | 3CX Phone System Management Console Directory Traversal | 5.4 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00275 | 0.02 | CVE-2017-15359 |
| 16 | nextgen-gallery Plugin Directory Traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2018-7586 |
| 17 | SiteBuilder SiteBuilder Elite Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00795 | 0.02 | CVE-2008-1123 |
| 18 | K2 Component Access Control Directory Traversal | 7.0 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00159 | 0.00 | CVE-2018-7482 |
| 19 | Joomla CMS Hathor postinstall Message SQL Injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.17094 | 0.00 | CVE-2018-6376 |
| 20 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.55 | CVE-2010-0966 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.158.249.116 | tropical.nordicsurge.com | JasperLoader | | 2022-04-13 | | verified |
| 2 | XXX.XXX.XXX.XXX | Xxxxxxxxxxxx | | | 2022-04-13 | | verified |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | | predictive |
| 2 | File | /.vnc/sesman_${username}_passwd | | predictive |
| 3 | File | /api/RecordingList/DownloadRecord?file= | | predictive |
| 4 | File | /api/v2/cli/commands | | predictive |
| 5 | File | /xxxx/x_xxxxxx_xxxxxxxx_xxxxx | | predictive |
| 6 | File | /xxxxx/xxxxx | | predictive |
| 7 | File | /xxx/xxx/xxx | | predictive |
| 8 | File | /xxx-x | | predictive |
| 9 | File | /xxxxxxx/ | | predictive |
| 10 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | | predictive |
| 11 | File | xxxxxxxxxxx.xxxx | | predictive |
| 12 | File | xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | | predictive |
| 13 | File | xxx/xxxxxx.xxx | | predictive |
| 14 | File | xxxxx/xxx_xxxxxxxx | | predictive |
| 15 | File | xxxxx/xxxxxxxxx | | predictive |
| 16 | File | xxxx.xxx | | predictive |
| 17 | File | xxxxx_xxxxxxxx.xxx | | predictive |
| 18 | File | xxxxxxx_xxxxxxx.xxx | | predictive |
| 19 | File | xxxx.xxx | | predictive |
| 20 | File | xx-xxxxx/xxxx-xxx-xxxx.xxx | | predictive |
| 21 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | | predictive |
| 22 | Argument | xxxxxxxx | | predictive |
| 23 | Argument | xxxxxxxx | | predictive |
| 24 | Argument | xxx | | predictive |
| 25 | Argument | xxxx/xxxxx/xxxxx_xxxxxxxxxxx | | predictive |
| 26 | Argument | xxxxxxxx | | predictive |
| 27 | Argument | xx | | predictive |
| 28 | Argument | x_xxxxxxxx | | predictive |
| 29 | Argument | xxxx_xxxx | | predictive |
| 30 | Argument | xxxxxx | | predictive |
| 31 | Argument | xxxxx | | predictive |
| 32 | Argument | xxxxxxxx | | predictive |
| 33 | Network Port | xxxx | | predictive |
| 34 | Network Port | xxx xxxxxx xxxx | | predictive |
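The IOC table above supplies one unmasked network indicator (185.158.249.116 and tropical.nordicsurge.com) and the IOA table four unmasked file fragments. The script below is an added example, not code from the VulDB page or from any JasperLoader tooling, that turns those entries into matchers and runs them over a few constructed log lines. Assumptions of mine: the log lines themselves, the expansion of the `%PROGRAMFILES(X86)%` and `${username}` placeholders to what real telemetry contains, and the boundary rules that keep `185.158.249.1160` and `nottropical.nordicsurge.com` from matching. The masked (xxx) rows are omitted because the page does not expose them.

```python
"""Match the page's JasperLoader IOC/IOA entries against log lines (added example)."""
import re
from dataclasses import dataclass

# --- Indicators copied from the page ---------------------------------------
# IOC table (identified 2022-04-13, confidence "verified").
IOC_IPS = {"185.158.249.116"}
IOC_HOSTNAMES = {"tropical.nordicsurge.com"}

# The four unmasked File entries of the IOA table (confidence "predictive");
# the masked rows are not reproducible and are left out.
IOA_FILE_FRAGMENTS = [
    r"%PROGRAMFILES(X86)%\Teradici\PCoIP.exe",
    "/.vnc/sesman_${username}_passwd",
    "/api/RecordingList/DownloadRecord?file=",
    "/api/v2/cli/commands",
]

# Assumption: the indicators carry two kinds of template text that telemetry
# never shows verbatim. Keys are the re.escape()'d placeholder, values the
# regex for what a log line actually contains.
_PLACEHOLDERS = {
    re.escape("${username}"): r"[^/\\\s]+",
    re.escape("%PROGRAMFILES(X86)%"):
        r"(?:%PROGRAMFILES\(X86\)%|C:\\Program Files \(x86\))",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def fragment_to_regex(fragment: str) -> re.Pattern:
    """Escape an IOA fragment, then re-open its placeholders as wildcards."""
    pattern = re.escape(fragment)
    for placeholder, wildcard in _PLACEHOLDERS.items():
        pattern = pattern.replace(placeholder, wildcard)
    return re.compile(pattern, re.IGNORECASE)


def hostname_to_regex(host: str) -> re.Pattern:
    # Exact label sequence only: no prefix label glued on ("nottropical...")
    # and no extra suffix labels ("...com.evil.example"); a trailing dot as
    # written in DNS logs is still accepted.
    return re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-]|\.[\w-])",
                      re.IGNORECASE)


HOST_PATTERNS = {h: hostname_to_regex(h) for h in IOC_HOSTNAMES}
IOA_PATTERNS = [(f, fragment_to_regex(f)) for f in IOA_FILE_FRAGMENTS]


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc-ip", "ioc-host" or "ioa-file"
    indicator: str   # the page's indicator as written
    matched: str     # what was actually found in the log line


def scan(lines):
    """Return every indicator hit in the given log lines, in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        # IPs are tokenised first so 185.158.249.1160 cannot hit by substring.
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append(Hit(n, "ioc-ip", ip, ip))
        for host, rx in HOST_PATTERNS.items():
            m = rx.search(line)
            if m:
                hits.append(Hit(n, "ioc-host", host, m.group(0)))
        for fragment, rx in IOA_PATTERNS:
            m = rx.search(line)
            if m:
                hits.append(Hit(n, "ioa-file", fragment, m.group(0)))
    return hits


# Constructed sample telemetry (not real logs); lines 5 and 7 are near misses.
SAMPLE_LOGS = [
    "2022-04-13T10:01:22Z dns client=10.0.0.8 qname=tropical.nordicsurge.com type=A",
    "2022-04-13T10:01:23Z proxy CONNECT 185.158.249.116:443 user=jdoe status=200",
    "2022-04-13T10:02:05Z proxy GET http://10.0.0.5/api/v2/cli/commands status=401",
    "2022-04-13T10:02:40Z sysmon ProcessCreate image=C:\\Program Files (x86)\\Teradici\\PCoIP.exe",
    "2022-04-13T10:03:10Z sshd connection from 185.158.249.1 user=root",
    "2022-04-13T10:03:30Z audit open path=/home/alice/.vnc/sesman_alice_passwd",
    "2022-04-13T10:04:00Z dns client=10.0.0.9 qname=nottropical.nordicsurge.com type=A",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.kind:8s} {h.indicator!r} -> {h.matched!r}")
```

Treat the two classes of hit differently: the IOC rows are marked "verified", so an `ioc-ip` or `ioc-host` hit is worth an alert on its own, whereas the IOA rows come from the page's predictive model and several of them (`/api/v2/cli/commands`, the Teradici agent path) are ordinary administrative paths that also appear on the vulnerability list; use `ioa-file` hits as hunting leads to correlate, not as block-list entries.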

References (2)

The following list contains external sources which discuss the actor and the associated activities:
