ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool JripBot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: JripBot

NamesJripBot
Jiripbot
CategoryMalware
TypeReconnaissance, Backdoor, Credential stealer, Info stealer, Loader, Dropper
Description(Kaspersky) The malware set used by the Wild Neutron threat actor has several component groups, including:

• A main backdoor module that initiates the first communication with C&C server
• Several information gathering modules
• Exploitation tools
• SSH-based exfiltration tools
• Intermediate loaders and droppers that decrypt and run the payloads

Although customized, some of the modules seem to be heavily based on open source tools (e.g. the password dumper resembles the code of Mimikatz and Pass-The-Hash Toolkit) and commercial malware (HTTPS proxy module is practically identical to the one that is used by HesperBot).
Information<https://securelist.com/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/71275/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.jripbot>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Jripbot>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool JripBot

ChangedNameCountryObserved

APT groups

 Wild Neutron, Butterfly, Sphinx Moth[Unknown]2013-Feb 2013 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key