Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:41:56 UTC
Home > List all groups > List all tools > List all groups using tool JripBot
 Tool: JripBot
Names
JripBot
Jiripbot
Category Malware
Type Reconnaissance, Backdoor, Credential stealer, Info stealer, Loader, Dropper
Description
(Kaspersky) The malware set used by the Wild Neutron threat actor has several
component groups, including:
• A main backdoor module that initiates the first communication with C&C server
• Several information gathering modules
• Exploitation tools
• SSH-based exfiltration tools
• Intermediate loaders and droppers that decrypt and run the payloads
Although customized, some of the modules seem to be heavily based on open source tools
(e.g. the password dumper resembles the code of Mimikatz and Pass-The-Hash Toolkit)
and commercial malware (HTTPS proxy module is practically identical to the one that is
used by HesperBot).
Information
Malpedia AlienVault OTX Last change to this tool card: 23 April 2020
Download this tool card in JSON format
All groups using tool JripBot
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=742c30fb-2172-4d2a-89db-2112e2bf6971
Page 1 of 2

APT groups
  Wild Neutron, Butterfly, Sphinx Moth [Unknown] 2013-Feb 2013  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=742c30fb-2172-4d2a-89db-2112e2bf6971
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=742c30fb-2172-4d2a-89db-2112e2bf6971
Page 2 of 2