KV-Botnet Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (74)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	36
zh	24
es	10
de	2
fr	2

Country

CN: China	44
US: USA	16
EC: Ecuador	8
HK: Hong Kong	2
RU: Russia	2

Actors

KV-Botnet	6
Cobalt Strike	2
Volt Typhoon	2
MooBot	1
Stealc	1

Activities

Interest

Timeline

Type

Not Defined	34
Groupware Software	6
File Transfer Software	2
WordPress Plugin	2
Multimedia Player Software	2

Vendor

Not Defined	24
QNAP	4
Apache	4
GNU	4
CVS	2

Product

QNAP NVR Storage Expansion	4
vsftpd	2
WebSVN	2
CVS Pserver	2
xtemos WoodMart Theme	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	xtemos WoodMart Theme cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00115	0.00	CVE-2023-32239
2	PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery	5.0	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00090	0.02	CVE-2023-6474
3	Pluto PortletV3AnnotatedDemo information disclosure	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	possible	0.69813	0.00	CVE-2018-1306
4	vBulletin redirector.php	6.6	6.6	$0-$5k	$0-$5k	Not defined	Not defined		0.18777	0.05	CVE-2018-6200
5	HGiga OAKlouds Mobile Portal Network Interface Card Setting Page os command injection	9.8	9.6	$0-$5k	$0-$5k	Not defined	Not defined		0.05681	0.00	CVE-2021-37913
6	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	possible	0.00202	0.04	CVE-2008-5928
7	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	possible	0.01232	0.03	CVE-2010-2338
8	code-projects Job Recruitment _feedback_system.php sql injection	7.5	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00010	0.00	CVE-2025-0168
9	Discuz misc.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00274	0.04	CVE-2024-30884
10	Zimbra Collaboration Suite file inclusion	5.9	5.8	$0-$5k	$0-$5k	Not defined	Official fix		0.00348	0.07	CVE-2024-33535
11	Linux Kernel IPv4 Networking Stack af_inet.c inet_sock_destruct double free	5.5	5.5	$5k-$25k	$5k-$25k	Not defined	Not defined		0.00000	0.05	CVE-2024-1627
12	ONLYOFFICE Document Server JWT upload pathname traversal	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.06758	0.00	CVE-2021-3199
13	No-margin-for-errors prettyPhoto setTimeout cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not defined	Official fix		0.00596	0.07	CVE-2013-6837
14	AVTECH Room Alert 3E Web Interface cmd.cgi improper authentication	8.0	7.9	$0-$5k	$0-$5k	Not defined	Official fix		0.08813	0.00	CVE-2019-13379
15	Host RPC Portmapper Service privileges management	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	possible	0.00610	0.06	CVE-1999-0632
16	Microsoft Windows NTFS information disclosure	5.1	4.7	$25k-$100k	$0-$5k	Unproven	Official fix		0.00530	0.00	CVE-2022-26933
17	Adobe Flash Media Server 2 memory corruption	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official fix		0.06510	0.05	CVE-2007-6431
18	Oracle Tuxedo OpenSSL out-of-bounds write	9.8	9.7	$25k-$100k	$0-$5k	Not defined	Official fix		0.14704	0.00	CVE-2016-6303
19	Classcms TXT File Upload classupload code injection	5.5	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00467	0.07	CVE-2022-25581
20	ThinkPHP Adapter.php deserialization	7.6	7.6	$0-$5k	$0-$5k	Not defined	Not defined		0.01097	0.00	CVE-2021-36564

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.11.92.176		KV-Botnet	12/14/2023	verified	High
2	45.32.88.250	45.32.88.250.vultrusercontent.com	KV-Botnet	12/14/2023	verified	High
3	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	02/08/2024	verified	High
4	XX.XXX.XXX.XXX		Xx-xxxxxx	02/08/2024	verified	High
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High
6	XXX.XX.XXX.XXX	xxxxxxx.xx	Xx-xxxxxx	02/08/2024	verified	High
7	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High
8	XXX.XXX.XXX.XX		Xx-xxxxxx	02/08/2024	verified	High
9	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX		CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CAPEC-XX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
11	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/about/../	predictive	Medium
2	File	/out.php	predictive	Medium
3	File	/upload	predictive	Low
4	File	/_parse/_feedback_system.php	predictive	High
5	File	books.php	predictive	Medium
6	File	x:\xxxxx\	predictive	Medium
7	File	xxxx/xxxx.xxx/xxx/xxxxxxx/	predictive	High
8	File	xxx.xxx?xxxxxx=xxxxxxxxxxxxx&xxx=xx	predictive	High
9	File	xxx.xx	predictive	Low
10	File	xxxx/xxxxxxxxx/xxxxxxxx.xx	predictive	High
11	File	xxxxxx-xxxxxxxxxxxx.xxx	predictive	High
12	File	xxxx.xxx	predictive	Medium
13	File	xxx/xxxx/xx_xxxx.x	predictive	High
14	File	xxxxx.xxx	predictive	Medium
15	File	xxxxx.xxx	predictive	Medium
16	File	xxxxxxxxxx.xxx	predictive	High
17	File	xxx/xxx/xxxxxx.xxx	predictive	High
18	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxx.xxx	predictive	High
19	File	\xxxxx\xxxxxxxxxxx	predictive	High
20	Argument	xxxxxx	predictive	Low
21	Argument	xxxxxxx-xxxxxxxxxxx	predictive	High
22	Argument	xxxxxxxxxx	predictive	Medium
23	Argument	xx	predictive	Low
24	Argument	xxxx xxxxxxx	predictive	Medium
25	Argument	xx	predictive	Low
26	Argument	xxxxxxxx	predictive	Medium
27	Argument	xxxx	predictive	Low
28	Argument	xxxxxx	predictive	Low
29	Argument	xxx	predictive	Low
30	Argument	xxxxxxxxxxxx	predictive	Medium
31	Argument	xxxxxxx_xxxxxx[]	predictive	High
32	Argument	xxxxxxx_xxx	predictive	Medium
33	Argument	xxxxxx	predictive	Low
34	Argument	xxx	predictive	Low
35	Argument	xxxxx	predictive	Low
36	Input Value	../	predictive	Low
37	Network Port	xxx/xxxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!