Elknot Analyse
IOB - Indicator of Behavior (1)
Aktivitäten
IOC - Indicator of Compromise (3)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
| ID | IP-Adresse | Hostname | Akteur | Kampagnen | Identifiziert | Typ | Akzeptanz |
|---|---|---|---|---|---|---|---|
| 1 | 115.231.218.64 | Elknot | 11.02.2022 | verifiziert | High | ||
| 2 | XXX.XX.XXX.X | Xxxxxx | 09.02.2022 | verifiziert | High | ||
| 3 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx | Xxxxxx | 09.02.2022 | verifiziert | High |
TTP - Tactics, Techniques, Procedures (1)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
| ID | Technique | Schwachstellen | Zugriffsart | Typ | Akzeptanz |
|---|---|---|---|---|---|
| 1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | prädiktiv | High |
Referenzen (3)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.netlab.360.com/new-elknot-billgates-variant-with-xor-like-c2-configuration-encryption-scheme/
- https://blog.netlab.360.com/yi-jing-you-xxxge-jia-zu-de-botnetli-yong-log4shelllou-dong-chuan-bo-wei-da-bu-ding-de-gan-jin-liao/
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Elknot