Joker Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (131)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en116
zh14
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn86
tt6
id4
us4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Joker7
Hancitor1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined50
Smartphone Operating System14
Operating System8
Chip Software8
Content Management System6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
Google10
Linux8
IBM6
Huawei6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android8
Linux Kernel8
FusionPBX6
Qualcomm Snapdragon Mobile6
ezXML4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Microsoft Windows Message Queuing Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.959390.04CVE-2023-21554
2Spring Framework cross-site request forgery5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001410.04CVE-2020-5397
3Linux Kernel EXT4 File System jbd2_journal_dirty_metadata out-of-bounds write5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.01CVE-2018-10883
4Alibaba Nacos Access Prompt Page access control7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.051650.04CVE-2021-43116
5Yoast WordPress SEO Authentication class-bulk-editor-list-table.php cross-site request forgery6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.005880.00CVE-2015-2293
6MStore API Plugin improper authentication8.58.4$0-$5k$0-$5kNot DefinedNot Defined0.001310.00CVE-2023-2733
7Cesanta Mongoose mongoose.c integer overflow8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.434130.00CVE-2019-19307
8Microsoft Windows Remote Procedure Call Runtime Remote Code Execution9.88.9$100k and more$5k-$25kUnprovenOfficial Fix0.019380.00CVE-2022-26809
9Palo Alto PAN-OS Command Line Interface os command injection6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001280.00CVE-2021-3061
10Google Chrome memory corruption8.98.7$100k and more$5k-$25kNot DefinedOfficial Fix0.002230.00CVE-2010-4040
11SolarWinds Kiwi Syslog Server HTTP Header protection mechanism4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000780.00CVE-2021-35237
12Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.116080.04CVE-2017-16894
13Vmware SD-WAN Orchestrator hard-coded password7.06.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001820.00CVE-2020-4001
14HPE integrated Lights Out privileges management6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.012970.05CVE-2018-7078
15HPE iLO 4/iLO 5 7pk security5.95.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.007510.03CVE-2018-7105
16Observium Professional/Enterprise/Community inc.php unrestricted upload7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.002380.00CVE-2020-25133
17dom4j xml external entity reference8.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.006640.05CVE-2020-10683
18Uniqkey Password Manager Credentials credentials management6.56.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002780.04CVE-2019-10884
19Uniqkey Password Manager Credentials information disclosure5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.005620.03CVE-2019-10676
20GAT-Ship Web Module File Upload unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.007170.04CVE-2019-11028

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.3.1.6Joker09/15/2019verifiedHigh
21.3.2.8Joker09/15/2019verifiedHigh
31.45.76.1Joker09/15/2019verifiedHigh
42.1.5.3Joker09/15/2019verifiedHigh
53.1.5.3ec2-3-1-5-3.ap-southeast-1.compute.amazonaws.comJoker09/15/2019verifiedMedium
63.122.143.26ec2-3-122-143-26.eu-central-1.compute.amazonaws.comJoker04/20/2022verifiedMedium
7X.X.X.Xxxxxxxx-xxx-xxx-xxx-xxx.x.x.xxxx.xxxxxxxxxx.xxXxxxx09/15/2019verifiedHigh
8X.XX.XX.Xxxxxxxxxx.xxxxxx-xxxxxxxx.xxx.xxxxxxxxx.xxXxxxx07/09/2020verifiedHigh
9XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxx08/10/2022verifiedMedium
10XX.X.XX.XXx-xx-x-xx-xx.xxxx.xx.xxxxxxx.xxxXxxxx09/15/2019verifiedHigh
11XX.XX.X.XXxxxx09/15/2019verifiedHigh
12XX.XX.XX.XXxxxx09/15/2019verifiedHigh
13XX.XX.X.XXxxxx09/15/2019verifiedHigh
14XX.XX.X.XXxxxx09/15/2019verifiedHigh
15XX.XX.X.XXxxxx09/15/2019verifiedHigh
16XX.XX.XXX.XXXXxxxx08/10/2022verifiedHigh
17XX.XXX.X.XXXxxxx08/10/2022verifiedHigh
18XX.XXX.XXX.XXXXxxxx04/20/2022verifiedHigh
19XX.XXX.XX.XXXxxx-xx-xxx-xx-xxx.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxx08/10/2022verifiedMedium
20XXX.XXX.XXX.XXXxxxx08/10/2022verifiedHigh
21XXX.XXX.XX.XXXXxxxx08/10/2022verifiedHigh
22XXX.XXX.XX.XXXxxxx08/10/2022verifiedHigh
23XXX.XXX.XX.XXXxxxx08/10/2022verifiedHigh
24XXX.XXX.XX.XXXxxxx08/10/2022verifiedHigh
25XXX.XXX.XXX.XXXxxxx08/10/2022verifiedHigh
26XXX.XX.XXX.XXXxxxx08/10/2022verifiedHigh
27XXX.XX.XXX.XXXxxxx08/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-1CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-184CWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
12TXXXXCAPEC-108CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCAPEC-112CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-112CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.envpredictiveLow
2File/htdocs/admin/dict.php?id=3predictiveHigh
3File/wbg/core/_includes/authorization.inc.phppredictiveHigh
4Fileadmin/app/mediamanagerpredictiveHigh
5Fileadmin/class-bulk-editor-list-table.phppredictiveHigh
6Fileapp/call_centers/cmd.phppredictiveHigh
7Filexxx\xxxx\xxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxx.xpredictiveMedium
9Filexxx.xxxpredictiveLow
10Filexxxxxxxxxxxx.xxxpredictiveHigh
11Filexxxxxxx/xxx/xxxxxxxxxx/xxxxx.xpredictiveHigh
12Filexxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.xpredictiveHigh
13Filexxx/xxxxxxx/xxxxxxx.xpredictiveHigh
14Filexx/xxxxx/xxxxxx-xxxx.xpredictiveHigh
15Filexxxxxx/xxxxxxxxxpredictiveHigh
16Filexxx.xxxpredictiveLow
17Filexxx/xxxxxxxxx_xxxxxx.xxxpredictiveHigh
18Filexxxxxx/xxxx/xxxxxxxxxxx.xpredictiveHigh
19Filexxx.xpredictiveLow
20Filexxxxxxxx.xpredictiveMedium
21Filexxxxxxx/xxxxx-xxxx-xxx/xxx/xxxx-xxx.xpredictiveHigh
22Filexxx/xxxx/xxxx_xxxxxxxxx.xpredictiveHigh
23Filexxxxxx.xpredictiveMedium
24Filexxxxxxxxx\xxxxxx.xxxpredictiveHigh
25Filexxxxxxx.xxpredictiveMedium
26Filexxxxx/_xxxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxx.xxpredictiveHigh
28Argumentxxxxxxx-xxxxxxpredictiveHigh
29Argumentxxxxxx/xxxxxxxpredictiveHigh
30ArgumentxxxxxxxpredictiveLow
31ArgumentxxxxpredictiveLow
32ArgumentxxxxxxpredictiveLow
33ArgumentxxxxxxpredictiveLow
34ArgumentxxxxxpredictiveLow
35ArgumentxxxxxpredictiveLow
36Argumentxxxxxx xxxxxxxxxpredictiveHigh
37ArgumentxxxxxpredictiveLow
38ArgumentxxxxxxxxpredictiveMedium
39Argumentxxxxx['xxxxxx_xxxxxxx']predictiveHigh
40Argumentxxx_xxxxxpredictiveMedium
41Input Value../predictiveLow
42Input Valuexxxx%xxxxxpredictiveMedium
43Network Portxxx/xxxxpredictiveMedium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!