Konni Analysis

IOB - Indicator of Behavior (22)


Language

en: 20
es: 2


Product

Google Chrome: 4
PHProxy: 2
Roku: 2
Roku TV: 2
Smarty: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitcoin wallet.dat AES Encryption Padding weak encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 2 | Google Chrome WebGL buffer overflow | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00115 | 0.03 | CVE-2023-4072 |
| 3 | MailEnable Enterprise Premium Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00092 | 0.00 | CVE-2019-12927 |
| 4 | Smarty privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06268 | 0.00 | CVE-2014-8350 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 6 | Google Chrome Index DB buffer overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2022-1853 |
| 7 | Citrix ShareFile Storage Zones Controller privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01529 | 0.02 | CVE-2021-22941 |
| 8 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.05252 | 0.02 | CVE-2021-34535 |
| 9 | OpenX File Upload banner-edit.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.12830 | 0.02 | CVE-2009-4098 |
| 10 | D-Link DIR-600M C1 wan.htm weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00432 | 0.02 | CVE-2019-7736 |
| 11 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 12 | PHProxy Hotlinking Prevention privilege escalation | 6.3 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Linux Kernel blktrace.c __blk_add_trace buffer overflow | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00968 | 0.04 | CVE-2019-19768 |
| 14 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.02 | CVE-2009-4889 |
| 15 | Microsoft .NET Framework Code Access Security weak encryption | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00163 | 0.08 | CVE-2008-5100 |
| 16 | Adobe Acrobat Reader buffer overflow | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01112 | 0.00 | CVE-2019-8257 |
| 17 | Sir GNUboard sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339 |
| 18 | Roku/Roku TV External Control API DNS Rebinding privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00316 | 0.00 | CVE-2018-11314 |
| 19 | ThinkCMF ProfileController.class.php do_avatar directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.00 | CVE-2018-16141 |
| 20 | Cisco Linksys Router tmUnblock.cgi privilege escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | application\User\Controller\ProfileController.class.php | predictive | High |
| 3 | File | banner-edit.php | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxx/xxxxx/xxxxxxxx.x | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxx.xxx | predictive | Medium |
| 8 | File | xxx.xxx | predictive | Low |
| 9 | Argument | xxxxxx | predictive | Low |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxxxx | predictive | Low |
| 12 | Argument | xxxxxxxx=xxx> | predictive | High |
| 13 | Argument | xxxx_xx | predictive | Low |
| 14 | Input Value | ..\ | predictive | Low |
| 15 | Network Port | xxx/xxxx | predictive | Medium |

References (7)

The following list contains external sources which discuss the actor and the associated activities:
