Konni Analysis

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 22

Activities

Product

Google Chrome: 4
PHProxy: 2
Roku: 2
Roku TV: 2
Basti2web Book Panel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 2 | Google Chrome WebGL out-of-bounds write | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00115 | 0.04 | CVE-2023-4072 |
| 3 | MailEnable Enterprise Premium Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00092 | 0.00 | CVE-2019-12927 |
| 4 | Smarty code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05838 | 0.00 | CVE-2014-8350 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.17 | CVE-2017-0055 |
| 6 | Google Chrome Index DB use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2022-1853 |
| 7 | Citrix ShareFile Storage Zones Controller access control | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.01473 | 0.00 | CVE-2021-22941 |
| 8 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.06417 | 0.02 | CVE-2021-34535 |
| 9 | OpenX File Upload banner-edit.php input validation | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.12830 | 0.02 | CVE-2009-4098 |
| 10 | D-Link DIR-600M C1 wan.htm improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00432 | 0.02 | CVE-2019-7736 |
| 11 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 12 | PHProxy Hotlinking Prevention privileges management | 6.3 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Linux Kernel blktrace.c __blk_add_trace use after free | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00968 | 0.00 | CVE-2019-19768 |
| 14 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 15 | Microsoft .NET Framework Code Access Security cryptographic issues | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00163 | 0.11 | CVE-2008-5100 |
| 16 | Adobe Acrobat Reader use after free | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01093 | 0.00 | CVE-2019-8257 |
| 17 | Sir GNUboard sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339 |
| 18 | Roku/Roku TV External Control API DNS Rebinding input validation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00316 | 0.04 | CVE-2018-11314 |
| 19 | ThinkCMF ProfileController.class.php do_avatar path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.00 | CVE-2018-16141 |
| 20 | Cisco Linksys Router tmUnblock.cgi privileges management | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | application\User\Controller\ProfileController.class.php | predictive | High |
| 3 | File | banner-edit.php | predictive | High |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxx/xxxxx/xxxxxxxx.x | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxx.xxx | predictive | Medium |
| 8 | File | xxx.xxx | predictive | Low |
| 9 | Argument | xxxxxx | predictive | Low |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxxxx | predictive | Low |
| 12 | Argument | xxxxxxxx=xxx> | predictive | High |
| 13 | Argument | xxxx_xx | predictive | Low |
| 14 | Input Value | ..\ | predictive | Low |
| 15 | Network Port | xxx/xxxx | predictive | Medium |

References (7)

The following list contains external sources which discuss the actor and the associated activities:
