Elknot Analysis
IOB - Indicator of Behavior (1)
Activities
IOC - Indicator of Compromise (3)
These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.
ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
---|---|---|---|---|---|---|---|
1 | 115.231.218.64 | | Elknot | | 2022-02-11 | verified | High |
2 | XXX.XX.XXX.X | | Xxxxxx | | 2022-02-09 | verified | High |
3 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx | Xxxxxx | | 2022-02-09 | verified | High |
TTP - Tactics, Techniques, Procedures (1)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Vulnerability | Access Vector | Type | Confidence |
---|---|---|---|---|---|
1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | predictive | High |
References (3)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.netlab.360.com/new-elknot-billgates-variant-with-xor-like-c2-configuration-encryption-scheme/
- xxxxx://xxxx.xxxxxx.xxx.xxx/xx-xxxx-xxx-xxxxx-xxx-xx-xx-xxxxxxxx-xxxx-xxxxxxxxxxxx-xxxx-xxxxx-xx-xxx-xx-xx-xxxx-xx-xxx-xxx-xxxx/
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxx