JripBot

Description

(Kaspersky) The malware set used by the Wild Neutron threat actor has several component groups, including:

  • A main backdoor module that initiates the first communication with C&C server
  • Several information gathering modules
  • Exploitation tools
  • SSH-based exfiltration tools
  • Intermediate loaders and droppers that decrypt and run the payloads

Although customized, some of the modules seem to be heavily based on open source tools (e.g. the password dumper resembles the code of Mimikatz and Pass-The-Hash Toolkit) and commercial malware (HTTPS proxy module is practically identical to the one that is used by HesperBot).

Names

Name
JripBot
Jiripbot

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Credential stealer
  • Info stealer
  • Loader
  • Dropper

Information

Malpedia

Alienvault Otx

Other Information

Uuid

742c30fb-2172-4d2a-89db-2112e2bf6971

Last Card Change

2020-04-23