Konni Analysis

IOB - Indicator of Behavior (176)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 112
zh: 42
ja: 14
es: 4
de: 4

Activities

Product

Microsoft Windows: 12
WordPress: 6
Juniper Junos: 4
PRTG Network Monitor: 4
OpenBB: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Cisco ASA SSL VPN double free | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.94157 | 0.03 | CVE-2018-0101 |
| 2 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00756 | 0.05 | CVE-2022-37958 |
| 3 | Secomea GateManager insufficient privileges | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2022-25782 |
| 4 | UBI Reader UBIFS File output.py ubireader_extract_files path traversal | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.05 | CVE-2022-4572 |
| 5 | ubi-reader UBIFS File ubireader_extract_files path traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2023-0591 |
| 6 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00372 | 0.00 | CVE-2022-41091 |
| 7 | Synacor Zimbra Collaboration Suite sudo Configuration zmslapd access control | 8.3 | 8.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00114 | 0.04 | CVE-2022-37393 |
| 8 | vsftpd Service Port 6200 os command injection | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.88312 | 0.08 | CVE-2011-2523 |
| 9 | PRTG Network Monitor HTTP Advanced Sensor HttpAdvancedSensor.exe access control | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00977 | 0.04 | CVE-2018-19204 |
| 10 | Zyxel USG/USG Flex/Zywall/ATP/VPN Web-based Management Interface improper authentication | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00695 | 0.05 | CVE-2021-35029 |
| 11 | Oracle Solaris Common Desktop Environment access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.00104 | 0.00 | CVE-2017-3622 |
| 12 | MikroTik RouterOS SMB memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.85476 | 0.04 | CVE-2018-7445 |
| 13 | Pluto PortletV3AnnotatedDemo information disclosure | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.92403 | 0.00 | CVE-2018-1306 |
| 14 | Genivia gSOAP WS-Addressing Plugin integer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03786 | 0.08 | CVE-2020-13576 |
| 15 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 16 | VMware vCenter Server DCERPC Protocol out-of-bounds write | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.04385 | 0.00 | CVE-2023-34048 |
| 17 | SourceCodester Employee Task Management System update-employee.php authorization | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2577 |
| 18 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07569 | 0.07 | CVE-2022-46463 |
| 19 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.07 | CVE-2023-1162 |
| 20 | Apache Tomcat information disclosure | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2011-2204 |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (9)

The following list contains external sources which discuss the actor and the associated activities:
