Konni Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Idioma

en	20
es	2

País

us	6
gb	2
ru	2
fi	2
cn	2

Actores

Konni	4
Cobalt Strike	3
RecordBreaker	3
Raccoon	2
FAKEUPDATES	2

Interesse

Tipo

Not Defined	4
Firewall Software	2
Web Server	2
Forum Software	2
Document Reader Software	2

Fabricante

Not Defined	8
Microsoft	2
Sir	2
Adobe	2
Cisco	2

Produto

PHProxy	2
Microsoft IIS	2
Sir GNUboard	2
ThinkCMF	2
Adobe Acrobat Reader	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Bitcoin wallet.dat AES Encryption Padding Encriptação fraca	7.1	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
2	Google Chrome WebGL Excesso de tampão	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00115	0.03	CVE-2023-4072
3	MailEnable Enterprise Premium Stored Roteiro Cruzado de Sítios	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00092	0.00	CVE-2019-12927
4	Smarty direitos alargados	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06268	0.00	CVE-2014-8350
5	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.21	CVE-2017-0055
6	Google Chrome Index DB Excesso de tampão	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00238	0.00	CVE-2022-1853
7	Citrix ShareFile Storage Zones Controller direitos alargados	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01529	0.02	CVE-2021-22941
8	Microsoft Windows Remote Desktop Client Remote Code Execution	8.8	7.9	$100k e mais	$5k-$25k	Proof-of-Concept	Official Fix	0.05252	0.02	CVE-2021-34535
9	OpenX File Upload banner-edit.php direitos alargados	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.12830	0.02	CVE-2009-4098
10	D-Link DIR-600M C1 wan.htm Fraca autenticação	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00432	0.02	CVE-2019-7736
11	Apple iOS/iPadOS Kernel Divulgação de Informação	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00778	0.00	CVE-2020-27950
12	PHProxy Hotlinking Prevention direitos alargados	6.3	5.6	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
13	Linux Kernel blktrace.c __blk_add_trace Excesso de tampão	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00968	0.00	CVE-2019-19768
14	Basti2web Book Panel books.php Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.02	CVE-2009-4889
15	Microsoft .NET Framework Code Access Security Encriptação fraca	9.8	9.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00163	0.04	CVE-2008-5100
16	Adobe Acrobat Reader Excesso de tampão	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01112	0.00	CVE-2019-8257
17	Sir GNUboard Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.00	CVE-2014-2339
18	Roku/Roku TV External Control API DNS Rebinding direitos alargados	8.3	8.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00316	0.00	CVE-2018-11314
19	ThinkCMF ProfileController.class.php do_avatar Directório Traversal	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00061	0.00	CVE-2018-16141
20	Cisco Linksys Router tmUnblock.cgi direitos alargados	9.8	9.2	$25k-$100k	$0-$5k	High	Workaround	0.00000	0.00

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	31.170.160.129		Konni	23/12/2020	verified	Alto
2	31.170.162.63		Konni	23/12/2020	verified	Alto
3	31.170.163.30	cpl07.main-hosting.eu	Konni	23/12/2020	verified	Alto
4	XX.XXX.XXX.XX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	05/09/2023	verified	Alto
5	XX.XXX.XXX.XX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	31/08/2023	verified	Alto
6	XX.XXX.XXX.XX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	05/09/2023	verified	Alto
7	XX.XXX.XXX.XXX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	17/07/2023	verified	Alto
8	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxxx.xx.xx	Xxxxx	22/12/2020	verified	Alto
9	XXX.XX.XXX.XX		Xxxxx	22/12/2020	verified	Alto
10	XXX.XX.XXX.XXX		Xxxxx	23/12/2020	verified	Alto
11	XXX.XXX.XXX.XX	xxxx.xxxxx.xx.xx	Xxxxx	22/12/2020	verified	Alto
12	XXX.XXX.XXX.XXX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	30/06/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/uncpath/	predictive	Médio
2	File	application\User\Controller\ProfileController.class.php	predictive	Alto
3	File	banner-edit.php	predictive	Alto
4	File	xxxxx.xxx	predictive	Médio
5	File	xxxxxx/xxxxx/xxxxxxxx.x	predictive	Alto
6	File	xxxxxxxxx.xxx	predictive	Alto
7	File	xxxxxx.xxx	predictive	Médio
8	File	xxx.xxx	predictive	Baixo
9	Argument	xxxxxx	predictive	Baixo
10	Argument	xxxxxxx	predictive	Baixo
11	Argument	xxxxxx	predictive	Baixo
12	Argument	xxxxxxxx=xxx>	predictive	Alto
13	Argument	xxxx_xx	predictive	Baixo
14	Input Value	..\	predictive	Baixo
15	Network Port	xxx/xxxx	predictive	Médio

Referências (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!