JasperLoader Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en48
de4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us34
cn8
ru4
tr2
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

JasperLoader2
Conti2
SharkBot2
BazarBackdoor2
Remcos2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined24
Smartphone Operating System4
Content Management System4
Photo Gallery Software4
JavaScript Library2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined18
Accellion4
TP-Link2
Red Hat2
MobileIron2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Accellion Kiteworks4
jQuery2
K2 Component2
TP-Link WA901ND2
TP-Link Archer C52

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1SugarCRM sql injection5.85.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002480.02CVE-2020-17373
2Xerox WorkCentre input validation7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001980.00CVE-2018-20767
3Accellion Kiteworks API Call token improper authentication6.96.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001520.00CVE-2017-9421
4Plesk Obsidian REST API commands cross-site request forgery4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000830.03CVE-2022-45130
5Delta Electronics DX-2100-L1-CN urlfilter cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000560.00CVE-2022-42141
6Delta Electronics DX-2100-L1-CN net_diagnose command injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.001880.00CVE-2022-42140
7jQuery html cross site scripting5.85.1$0-$5k$0-$5kNot DefinedOfficial Fix0.061240.04CVE-2020-11022
8Apache HTTP Server mod_proxy access control7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001250.05CVE-2021-33193
9Google Android Kernel use after free6.36.0$25k-$100k$5k-$25kHighOfficial Fix0.000640.04CVE-2021-1048
10TP-Link WRD4300 Web Interface information disclosure4.34.3$0-$5k$0-$5kNot DefinedOfficial Fix0.194930.00CVE-2020-35575
11Teradici PCoIP Agent/PCoIP Client PCoIP.exe unquoted search path6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2019-20362
12QlikTech Qlikview XML Data AccessPoint.aspx xml external entity reference7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.044460.04CVE-2015-3623
13MinIO Admin API authentication bypass8.87.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001160.03CVE-2020-11012
14Jitbit Helpdesk Password Reset Link PRNG entropy5.95.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.171190.05CVE-2017-18486
153CX Phone System Management Console path traversal5.45.0$0-$5k$0-$5kProof-of-ConceptWorkaround0.002750.02CVE-2017-15359
16nextgen-gallery Plugin path traversal7.47.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001810.00CVE-2018-7586
17SiteBuilder SiteBuilder Elite code injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.007950.00CVE-2008-1123
18K2 Component Access Control path traversal7.06.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001590.00CVE-2018-7482
19Joomla CMS Hathor postinstall Message sql injection8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.170940.00CVE-2018-6376
20DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.31CVE-2010-0966

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1185.158.249.116tropical.nordicsurge.comJasperLoader04/13/2022verifiedHigh
2XXX.XXX.XXX.XXXXxxxxxxxxxxx04/13/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-1CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
13TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
15TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File%PROGRAMFILES(X86)%\Teradici\PCoIP.exepredictiveHigh
2File/.vnc/sesman_${username}_passwdpredictiveHigh
3File/api/RecordingList/DownloadRecord?file=predictiveHigh
4File/api/v2/cli/commandspredictiveHigh
5File/xxxx/x_xxxxxx_xxxxxxxx_xxxxxpredictiveHigh
6File/xxxxx/xxxxxpredictiveMedium
7File/xxx/xxx/xxxpredictiveMedium
8File/xxx-xpredictiveLow
9File/xxxxxxx/predictiveMedium
10File/xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/predictiveHigh
11Filexxxxxxxxxxx.xxxxpredictiveHigh
12Filexxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxx/xxxxxx.xxxpredictiveHigh
14Filexxxxx/xxx_xxxxxxxxpredictiveHigh
15Filexxxxx/xxxxxxxxxpredictiveHigh
16Filexxxx.xxxpredictiveMedium
17Filexxxxx_xxxxxxxx.xxxpredictiveHigh
18Filexxxxxxx_xxxxxxx.xxxpredictiveHigh
19Filexxxx.xxxpredictiveMedium
20Filexx-xxxxx/xxxx-xxx-xxxx.xxxpredictiveHigh
21Argument/.xxx/xxxxxx_${xxxxxxxx}_xxxxxxpredictiveHigh
22ArgumentxxxxxxxxpredictiveMedium
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxpredictiveLow
25Argumentxxxx/xxxxx/xxxxx_xxxxxxxxxxxpredictiveHigh
26ArgumentxxxxxxxxpredictiveMedium
27ArgumentxxpredictiveLow
28Argumentx_xxxxxxxxpredictiveMedium
29Argumentxxxx_xxxxpredictiveMedium
30ArgumentxxxxxxpredictiveLow
31ArgumentxxxxxpredictiveLow
32ArgumentxxxxxxxxpredictiveMedium
33Network PortxxxxpredictiveLow
34Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!