Konni Analysis

IOB - Indicator of Behavior (22)

Language

en: 22

Product

Microsoft Windows: 4
D-Link DIR-600M C1: 2
Adobe Acrobat Reader: 2
Apple iOS: 2
Apple iPadOS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitcoin wallet.dat AES Encryption Padding weak encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.14 | |
| 2 | Google Chrome WebGL memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00115 | 0.04 | CVE-2023-4072 |
| 3 | MailEnable Enterprise Premium Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00092 | 0.00 | CVE-2019-12927 |
| 4 | Smarty privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06268 | 0.00 | CVE-2014-8350 |
| 5 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055 |
| 6 | Google Chrome Index DB memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2022-1853 |
| 7 | Citrix ShareFile Storage Zones Controller privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01529 | 0.02 | CVE-2021-22941 |
| 8 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.05252 | 0.02 | CVE-2021-34535 |
| 9 | OpenX File Upload banner-edit.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.12830 | 0.02 | CVE-2009-4098 |
| 10 | D-Link DIR-600M C1 wan.htm weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00432 | 0.02 | CVE-2019-7736 |
| 11 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 12 | PHProxy Hotlinking Prevention privilege escalation | 6.3 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Linux Kernel blktrace.c __blk_add_trace memory corruption | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00968 | 0.00 | CVE-2019-19768 |
| 14 | Basti2web Book Panel books.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.03 | CVE-2009-4889 |
| 15 | Microsoft .NET Framework Code Access Security weak encryption | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00163 | 0.03 | CVE-2008-5100 |
| 16 | Adobe Acrobat Reader memory corruption | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01112 | 0.00 | CVE-2019-8257 |
| 17 | Sir GNUboard SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339 |
| 18 | Roku/Roku TV External Control API DNS Rebinding privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00316 | 0.00 | CVE-2018-11314 |
| 19 | ThinkCMF ProfileController.class.php do_avatar directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.00 | CVE-2018-16141 |
| 20 | Cisco Linksys Router tmUnblock.cgi privilege escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

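| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | |
| 2 | File | application\User\Controller\ProfileController.class.php | predictive | |
| 3 | File | banner-edit.php | predictive | |
| 4 | File | xxxxx.xxx | predictive | |
| 5 | File | xxxxxx/xxxxx/xxxxxxxx.x | predictive | |
| 6 | File | xxxxxxxxx.xxx | predictive | |
| 7 | File | xxxxxx.xxx | predictive | |
| 8 | File | xxx.xxx | predictive | |
| 9 | Argument | xxxxxx | predictive | |
| 10 | Argument | xxxxxxx | predictive | |
| 11 | Argument | xxxxxx | predictive | |
| 12 | Argument | xxxxxxxx=xxx> | predictive | |
| 13 | Argument | xxxx_xx | predictive | |
| 14 | Input Value | ..\ | predictive | |
| 15 | Network Port | xxx/xxxx | predictive | |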

References (7)

The following list contains external sources which discuss the actor and the associated activities:
