KV-Botnet Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	30
zh	28
es	8
fr	2
de	2

Country

cn	52
ec	8
us	8

Actors

KV-Botnet	7
Cobalt Strike	2
Pikabot	1
Shuckworm	1

Activities

Interest

Timeline

Type

Not Defined	36
Word Processing Software	2
Domain Name Software	2
WordPress Plugin	2
JavaScript Library	2

Vendor

Not Defined	20
GNU	2
ISC	2
Auerswald	2
HelpSystems	2

Product

GNU Emacs	2
Pluto	2
ISC BIND	2
Auerswald COMfortel 1400 IP	2
Auerswald COMfortel 2600 IP	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	xtemos WoodMart Theme cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2023-32239
2	PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery	5.0	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00054	0.00	CVE-2023-6474
3	Pluto PortletV3AnnotatedDemo information disclosure	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.92403	0.00	CVE-2018-1306
4	vBulletin redirector.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.04	CVE-2018-6200
5	HGiga OAKlouds Mobile Portal Network Interface Card Setting Page os command injection	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00336	0.00	CVE-2021-37913
6	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.18	CVE-2008-5928
7	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.06	CVE-2010-2338
8	ONLYOFFICE Document Server JWT upload pathname traversal	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02823	0.02	CVE-2021-3199
9	No-margin-for-errors prettyPhoto setTimeout cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00255	0.00	CVE-2013-6837
10	AVTECH Room Alert 3E Web Interface improper authentication	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01129	0.02	CVE-2019-13379
11	Host RPC Portmapper Service privileges management	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.19874	0.05	CVE-1999-0632
12	Microsoft Windows NTFS information disclosure	5.1	4.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00047	0.00	CVE-2022-26933
13	Adobe Flash Media Server 2 memory corruption	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.03800	0.00	CVE-2007-6431
14	Oracle Tuxedo OpenSSL out-of-bounds write	9.8	9.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.28939	0.00	CVE-2016-6303
15	Classcms TXT File Upload classupload code injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.04	CVE-2022-25581
16	ThinkPHP Adapter.php deserialization	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00389	0.04	CVE-2021-36564
17	Adobe Flash Player SharedObject memory corruption	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.96927	0.09	CVE-2011-0611
18	Auerswald COMfortel 1400 IP/COMfortel 2600 IP improper authentication	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.19673	0.00	CVE-2021-40856
19	Microsoft Exchange Server information disclosure	5.4	4.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.95847	0.04	CVE-2021-41349
20	GNU Emacs Email enriched.el command injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03127	0.00	CVE-2017-14482

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.11.92.176		KV-Botnet	12/14/2023	verified	High
2	45.32.88.250	45.32.88.250.vultrusercontent.com	KV-Botnet	12/14/2023	verified	High
3	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	02/08/2024	verified	High
4	XX.XXX.XXX.XXX		Xx-xxxxxx	02/08/2024	verified	High
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High
6	XXX.XX.XXX.XXX	xxxxxxx.xx	Xx-xxxxxx	02/08/2024	verified	High
7	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High
8	XXX.XXX.XXX.XX		Xx-xxxxxx	02/08/2024	verified	High
9	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xx-xxxxxx	12/14/2023	verified	High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
11	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/about/../	predictive	Medium
2	File	/out.php	predictive	Medium
3	File	/upload	predictive	Low
4	File	books.php	predictive	Medium
5	File	x:\xxxxx\	predictive	Medium
6	File	xxxx/xxxx.xxx/xxx/xxxxxxx/	predictive	High
7	File	xxx.xxx?xxxxxx=xxxxxxxxxxxxx&xxx=xx	predictive	High
8	File	xxx.xx	predictive	Low
9	File	xxxx/xxxxxxxxx/xxxxxxxx.xx	predictive	High
10	File	xxxxxx-xxxxxxxxxxxx.xxx	predictive	High
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxx.xxx	predictive	Medium
13	File	xxxxxxxxxx.xxx	predictive	High
14	File	xxx/xxx/xxxxxx.xxx	predictive	High
15	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxx.xxx	predictive	High
16	File	\xxxxx\xxxxxxxxxxx	predictive	High
17	Argument	xxxxxx	predictive	Low
18	Argument	xxxxxxx-xxxxxxxxxxx	predictive	High
19	Argument	xxxxxxxxxx	predictive	Medium
20	Argument	xx	predictive	Low
21	Argument	xxxx xxxxxxx	predictive	Medium
22	Argument	xx	predictive	Low
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xxxx	predictive	Low
25	Argument	xxx	predictive	Low
26	Argument	xxxxxxx_xxxxxx[]	predictive	High
27	Argument	xxxxxxx_xxx	predictive	Medium
28	Argument	xxxxxx	predictive	Low
29	Argument	xxx	predictive	Low
30	Argument	xxxxx	predictive	Low
31	Input Value	../	predictive	Low
32	Network Port	xxx/xxxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!