KV-Botnet Analysis

IOB - Indicator of Behavior (69)

Language

en: 34
zh: 28
es: 4
de: 2
fr: 2

Country

cn: 50
us: 12
ec: 4
ru: 2
hk: 2

Product

SaltStack Salt: 4
Apple watchOS: 2
cgit: 2
FLDS: 2
Microsoft Windows: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | xtemos WoodMart Theme Cross-Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-32239 |
| 2 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php Cross-Site Request Forgery | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00054 | 0.04 | CVE-2023-6474 |
| 3 | Pluto PortletV3AnnotatedDemo Information Disclosure | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.92403 | 0.00 | CVE-2018-1306 |
| 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200 |
| 5 | HGiga OAKlouds Mobile Portal Network Interface Card Setting Page Privilege Escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00336 | 0.00 | CVE-2021-37913 |
| 6 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.22 | CVE-2008-5928 |
| 7 | Vunet VU Web Visitor Analyst redir.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.35 | CVE-2010-2338 |
| 8 | ONLYOFFICE Document Server JWT upload Directory Traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02823 | 0.02 | CVE-2021-3199 |
| 9 | No-margin-for-errors prettyPhoto setTimeout Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00255 | 0.02 | CVE-2013-6837 |
| 10 | AVTECH Room Alert 3E Web Interface Weak Authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01129 | 0.02 | CVE-2019-13379 |
| 11 | Host RPC Portmapper Service Privilege Escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.19874 | 0.00 | CVE-1999-0632 |
| 12 | Microsoft Windows NTFS Information Disclosure | 5.1 | 4.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00061 | 0.00 | CVE-2022-26933 |
| 13 | Adobe Flash Media Server 2 Buffer Overflow | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03800 | 0.00 | CVE-2007-6431 |
| 14 | Oracle Tuxedo OpenSSL Buffer Overflow | 9.8 | 9.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28939 | 0.00 | CVE-2016-6303 |
| 15 | Classcms TXT File Upload classupload Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2022-25581 |
| 16 | ThinkPHP Adapter.php Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00389 | 0.04 | CVE-2021-36564 |
| 17 | Adobe Flash Player SharedObject Buffer Overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97164 | 0.17 | CVE-2011-0611 |
| 18 | Auerswald COMfortel 1400 IP/COMfortel 2600 IP Weak Authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19673 | 0.00 | CVE-2021-40856 |
| 19 | Microsoft Exchange Server Information Disclosure | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.96172 | 0.04 | CVE-2021-41349 |
| 20 | GNU Emacs Email enriched.el Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03127 | 0.00 | CVE-2017-14482 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /about/../ | predictive | Medium |
| 2 | File | /out.php | predictive | Medium |
| 3 | File | /upload | predictive | Low |
| 4 | File | books.php | predictive | Medium |
| 5 | File | x:\xxxxx\ | predictive | Medium |
| 6 | File | xxxx/xxxx.xxx/xxx/xxxxxxx/ | predictive | High |
| 7 | File | xxx.xxx?xxxxxx=xxxxxxxxxxxxx&xxx=xx | predictive | High |
| 8 | File | xxx.xx | predictive | Low |
| 9 | File | xxxx/xxxxxxxxx/xxxxxxxx.xx | predictive | High |
| 10 | File | xxxxxx-xxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxx/xxx/xxxxxx.xxx | predictive | High |
| 15 | File | xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxx.xxx | predictive | High |
| 16 | File | \xxxxx\xxxxxxxxxxx | predictive | High |
| 17 | Argument | xxxxxx | predictive | Low |
| 18 | Argument | xxxxxxx-xxxxxxxxxxx | predictive | High |
| 19 | Argument | xxxxxxxxxx | predictive | Medium |
| 20 | Argument | xx | predictive | Low |
| 21 | Argument | xxxx xxxxxxx | predictive | Medium |
| 22 | Argument | xx | predictive | Low |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xxxx | predictive | Low |
| 25 | Argument | xxx | predictive | Low |
| 26 | Argument | xxxxxxx_xxxxxx[] | predictive | High |
| 27 | Argument | xxxxxxx_xxx | predictive | Medium |
| 28 | Argument | xxxxxx | predictive | Low |
| 29 | Argument | xxx | predictive | Low |
| 30 | Argument | xxxxx | predictive | Low |
| 31 | Input Value | ../ | predictive | Low |
| 32 | Network Port | xxx/xxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
