Elknot تحليل
IOB - Indicator of Behavior (1)
النشاطات
IOC - Indicator of Compromise (3)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
| ID | عنوان بروتوكول الإنترنت | Hostname | ممثل | حملات | Identified | النوع | الثقة |
|---|---|---|---|---|---|---|---|
| 1 | 115.231.218.64 | Elknot | 11/02/2022 | verified | عالي | ||
| 2 | XXX.XX.XXX.X | Xxxxxx | 09/02/2022 | verified | عالي | ||
| 3 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx | Xxxxxx | 09/02/2022 | verified | عالي |
TTP - Tactics, Techniques, Procedures (1)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
| ID | Technique | الثغرات | متجه الوصول | النوع | الثقة |
|---|---|---|---|---|---|
| 1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | predictive | عالي |
المصادر (3)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.netlab.360.com/new-elknot-billgates-variant-with-xor-like-c2-configuration-encryption-scheme/
- xxxxx://xxxx.xxxxxx.xxx.xxx/xx-xxxx-xxx-xxxxx-xxx-xx-xx-xxxxxxxx-xxxx-xxxxxxxxxxxx-xxxx-xxxxx-xx-xxx-xx-xx-xxxx-xx-xxx-xxx-xxxx/
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxx