Jacana Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	78
zh	16
fr	2
ja	2
pl	2

Country

us	52
cn	28
au	8
gb	6

Actors

DanaBot	2
Cobalt Strike	2
Earth Krahang	2
Patchwork	1
Camaro Dragon	1

Activities

Interest

Timeline

Type

Not Defined	26
Content Management System	22
Web Server	8
Router Operating System	6
Database Administration Software	4

Vendor

Not Defined	32
Microsoft	10
Joomla	8
D-Link	4
LogicBoard	2

Product

WordPress	10
Joomla CMS	8
phpMyAdmin	4
Microsoft IIS	4
LogicBoard CMS	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	jforum User input validation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.00	CVE-2019-7550
2	SOGo SAML Assertion signature verification	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00253	0.00	CVE-2021-33054
3	Hughes HX200/HX90/HX50L/HN9460/HN7000S cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00113	0.00	CVE-2023-22971
4	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.27	CVE-2010-0966
5	Microsoft Office Excel Remote Code Execution	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01365	0.02	CVE-2021-31939
6	phpMyAdmin Redirect url.php 7pk security	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00764	0.06	CVE-2015-7873
7	Xerox DocuShare sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00179	0.04	CVE-2014-3138
8	phpMyAdmin Error Reporting Page File php weakness	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00159	0.00	CVE-2014-8961
9	Emby Server request smuggling	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00091	0.04	CVE-2023-33193
10	RoundCube Webmail html2text.php preg_replace code injection	10.0	10.0	$0-$5k	$0-$5k	High	Not Defined	0.88647	0.03	CVE-2008-5619
11	Apache Struts ParametersInterceptor getClass denial of service	5.3	4.6	$5k-$25k	$0-$5k	High	Official Fix	0.97093	0.00	CVE-2014-0094
12	GG18/GG20 ECDSA Private Key injection	7.7	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00070	0.00	CVE-2023-33241
13	SiteServer SSCMS cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2022-30349
14	Kodexplorer OS File System path traversal	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00147	0.03	CVE-2022-46154
15	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.27	CVE-2017-0055
16	Mail2000 go cross site scripting	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00633	0.02	CVE-2019-15071
17	TOTOLINK X5000R/A720R HTTP Request os command injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02401	0.00	CVE-2021-27710
18	Synacor Zimbra Collaboration mboximport pathname traversal	4.7	4.5	$0-$5k	$0-$5k	High	Official Fix	0.94758	0.00	CVE-2022-27925
19	Oracle DB memory corruption	9.9	9.4	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.75247	0.00	CVE-2004-1371
20	Synacor Zimbra Collaboration Memcache Command injection	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.09665	0.04	CVE-2022-27924

Campaigns (1)

These are the campaigns that can be associated with the actor:

Guyana Government

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	23.106.122.5		Jacana	Guyana Government	10/29/2023	verified	High
2	23.106.122.46		Jacana	Guyana Government	10/29/2023	verified	High
3	XX.XXX.XXX.XXX		Xxxxxx	Xxxxxx Xxxxxxxxxx	10/29/2023	verified	High
4	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxx.xxx	Xxxxxx	Xxxxxx Xxxxxxxxxx	10/29/2023	verified	High
5	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxx.xx	Xxxxxx	Xxxxxx Xxxxxxxxxx	10/29/2023	verified	High
6	XXX.XX.X.XXX	xxx-xx-x-xxx.xxx.xx	Xxxxxx	Xxxxxx Xxxxxxxxxx	10/29/2023	verified	High
7	XXX.XXX.XXX.XX	xx.xxx-xxx-xxx.xxxx.xxxxxxxxxxx.xxx	Xxxxxx	Xxxxxx Xxxxxxxxxx	10/29/2023	verified	High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/cgi-bin/go	predictive	Medium
2	File	/forum/away.php	predictive	High
3	File	/rom-0	predictive	Low
4	File	/uncpath/	predictive	Medium
5	File	/usr/ucb/mail	predictive	High
6	File	xxxxxxx.xxx	predictive	Medium
7	File	xxxx_xxxxx.xxx	predictive	High
8	File	xxxx.xxx	predictive	Medium
9	File	xxxxxxxxx.xxx	predictive	High
10	File	xxx/xxxxxx.xxx	predictive	High
11	File	xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	High
12	File	xxxxx_xxx.xxx	predictive	High
13	File	xxxxxx.xxx	predictive	Medium
14	File	xxxxx_xxxxxx_xxx.xxx	predictive	High
15	File	xxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxxxx.xxx	predictive	High
18	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
19	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	High
20	File	xxxxxx_xxx_xxxxxx.xxx	predictive	High
21	File	xxxxxx.xxx	predictive	Medium
22	File	xxx.xxx	predictive	Low
23	File	xx-xxxxxxxx/xx-xxxxxxxxx.xxx	predictive	High
24	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	High
25	File	xx-xxxx.xxx	predictive	Medium
26	File	xxxx.xx	predictive	Low
27	Library	xxxxxxxxxxx.xxx	predictive	High
28	Library	xxxxxxxx.xxx	predictive	Medium
29	Argument	xxxxxx	predictive	Low
30	Argument	xxxxxxxx	predictive	Medium
31	Argument	xxxxx	predictive	Low
32	Argument	xxxxx	predictive	Low
33	Argument	xx	predictive	Low
34	Argument	xx	predictive	Low
35	Argument	xx_xxxx_xxxx	predictive	Medium
36	Argument	xxxx_xx	predictive	Low
37	Argument	xxxx	predictive	Low
38	Argument	xxx	predictive	Low
39	Argument	xxx	predictive	Low
40	Argument	xxxx->xxxxxxx	predictive	High
41	Network Port	xxx/xxxx (xx-xxx-xxxxxxx)	predictive	High
42	Network Port	xxx xxxxxx xxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!