Joker Analysis

IOB - Indicator of Behavior (131)

Language

en: 120
zh: 10
de: 2

Product

FusionPBX: 6
ezXML: 4
Uniqkey Password Manager: 4
Microsoft Windows: 4
Google Chrome: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows Message Queuing Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.95970 | 0.00 | CVE-2023-21554 |
| 2 | Spring Framework cross-site request forgery | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.02 | CVE-2020-5397 |
| 3 | Linux Kernel EXT4 File System jbd2_journal_dirty_metadata memory corruption | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.01 | CVE-2018-10883 |
| 4 | Alibaba Nacos Access Prompt Page privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04103 | 0.08 | CVE-2021-43116 |
| 5 | Yoast WordPress SEO Authentication class-bulk-editor-list-table.php cross-site request forgery | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00588 | 0.00 | CVE-2015-2293 |
| 6 | MStore API Plugin weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.00 | CVE-2023-2733 |
| 7 | Cesanta Mongoose mongoose.c memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.43413 | 0.02 | CVE-2019-19307 |
| 8 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.01558 | 0.03 | CVE-2022-26809 |
| 9 | Palo Alto PAN-OS Command Line Interface privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.02 | CVE-2021-3061 |
| 10 | Google Chrome memory corruption | 8.9 | 8.7 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.02 | CVE-2010-4040 |
| 11 | SolarWinds Kiwi Syslog Server HTTP Header privilege escalation | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2021-35237 |
| 12 | Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11608 | 0.00 | CVE-2017-16894 |
| 13 | Vmware SD-WAN Orchestrator weak authentication | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2020-4001 |
| 14 | HPE integrated Lights Out privilege escalation | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01297 | 0.02 | CVE-2018-7078 |
| 15 | HPE iLO 4/iLO 5 privilege escalation | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00751 | 0.03 | CVE-2018-7105 |
| 16 | Observium Professional/Enterprise/Community inc.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00238 | 0.00 | CVE-2020-25133 |
| 17 | dom4j XML External Entity | 8.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00664 | 0.02 | CVE-2020-10683 |
| 18 | Uniqkey Password Manager Credentials privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00278 | 0.04 | CVE-2019-10884 |
| 19 | Uniqkey Password Manager Credentials information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00562 | 0.03 | CVE-2019-10676 |
| 20 | GAT-Ship Web Module File Upload privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00506 | 0.04 | CVE-2019-11028 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

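| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.env | predictive | |
| 2 | File | /htdocs/admin/dict.php?id=3 | predictive | |
| 3 | File | /wbg/core/_includes/authorization.inc.php | predictive | |
| 4 | File | admin/app/mediamanager | predictive | |
| 5 | File | admin/class-bulk-editor-list-table.php | predictive | |
| 6 | File | app/call_centers/cmd.php | predictive | |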
| 41 | Input Value | ../ | predictive | |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
