KV-Botnet Analysis

IOB - Indicator of Behavior (69)

Lang

en: 32
zh: 26
es: 8
de: 2
fr: 2

Country

cn: 48
us: 14
ec: 6
ru: 2

Product

Apache MyFaces: 2
VMware Zimbra: 2
Vunet VU Web Visitor Analyst: 2
FLDS: 2
MariaDB: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | xtemos WoodMart Theme cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-32239 |
| 2 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00054 | 0.09 | CVE-2023-6474 |
| 3 | Pluto PortletV3AnnotatedDemo information disclosure | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.92403 | 0.00 | CVE-2018-1306 |
| 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200 |
| 5 | HGiga OAKlouds Mobile Portal Network Interface Card Setting Page privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00336 | 0.00 | CVE-2021-37913 |
| 6 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.44 | CVE-2008-5928 |
| 7 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.15 | CVE-2010-2338 |
| 8 | ONLYOFFICE Document Server JWT upload directory traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02823 | 0.02 | CVE-2021-3199 |
| 9 | No-margin-for-errors prettyPhoto setTimeout cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00255 | 0.02 | CVE-2013-6837 |
| 10 | AVTECH Room Alert 3E Web Interface weak authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01129 | 0.02 | CVE-2019-13379 |
| 11 | Host RPC Portmapper Service privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.19874 | 0.00 | CVE-1999-0632 |
| 12 | Microsoft Windows NTFS information disclosure | 5.1 | 4.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00061 | 0.00 | CVE-2022-26933 |
| 13 | Adobe Flash Media Server 2 memory corruption | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03800 | 0.00 | CVE-2007-6431 |
| 14 | Oracle Tuxedo OpenSSL memory corruption | 9.8 | 9.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28939 | 0.00 | CVE-2016-6303 |
| 15 | Classcms TXT File Upload classupload privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2022-25581 |
| 16 | ThinkPHP Adapter.php privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00389 | 0.04 | CVE-2021-36564 |
| 17 | Adobe Flash Player SharedObject memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97164 | 0.09 | CVE-2011-0611 |
| 18 | Auerswald COMfortel 1400 IP/COMfortel 2600 IP weak authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19673 | 0.00 | CVE-2021-40856 |
| 19 | Microsoft Exchange Server information disclosure | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.96172 | 0.04 | CVE-2021-41349 |
| 20 | GNU Emacs Email enriched.el privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03127 | 0.00 | CVE-2017-14482 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
