Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cyber_threat_intelligence/actors/Kovter
History
Marc Ruef e8e862b297 Update 2022-08-02 10:09:08 +02:00
..
README.md Update 2022-08-02 10:09:08 +02:00

README.md

Kovter - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Kovter. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.kovter

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kovter:

There are 1 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Kovter.

ID IP address Hostname Campaign Confidence
1 1.50.235.118 - - High
2 1.75.211.46 sp1-75-211-46.msb.spmode.ne.jp - High
3 1.165.149.97 1-165-149-97.dynamic-ip.hinet.net - High
4 1.250.189.144 - - High
5 1.252.56.226 - - High
6 2.28.17.56 - - High
7 2.92.35.198 - - High
8 2.221.237.157 02dded9d.bb.sky.com - High
9 3.38.44.212 ec2-3-38-44-212.ap-northeast-2.compute.amazonaws.com - Medium
10 3.153.146.93 - - High
11 4.10.135.44 - - High
12 4.13.217.120 - - High
13 4.17.110.85 - - High
14 4.207.47.213 - - High
15 4.213.232.24 - - High
16 4.241.178.108 - - High
17 5.54.132.49 ppp005054132049.access.hol.gr - High
18 5.107.225.199 - - High
19 5.132.76.153 153-76-132-5.ftth.glasoperator.nl - High
20 5.234.59.44 - - High
21 6.22.73.16 - - High
22 6.22.113.129 - - High
23 6.40.66.225 - - High
24 6.104.211.114 - - High
25 6.161.208.50 - - High
26 6.172.110.228 - - High
27 6.206.4.223 - - High
28 6.213.48.113 - - High
29 6.214.160.88 - - High
30 7.83.197.163 - - High
31 7.184.47.209 - - High
32 7.200.105.154 - - High
33 8.49.254.225 - - High
34 8.51.40.103 - - High
35 8.65.254.19 - - High
36 9.10.183.131 - - High
37 9.82.17.148 - - High
38 9.127.28.179 - - High
39 9.194.229.75 - - High
40 9.218.236.60 - - High
41 10.212.55.75 - - High
42 11.19.158.101 - - High
43 11.96.243.42 - - High
44 11.136.96.41 - - High
45 11.162.16.81 - - High
46 11.203.250.41 - - High
47 11.253.136.175 - - High
48 12.58.62.253 - - High
49 12.141.6.226 - - High
50 12.150.168.133 - - High
51 13.128.69.186 - - High
52 13.165.21.12 - - High
53 14.64.130.197 - - High
54 14.73.200.171 - - High
55 14.252.183.4 static.vnpt.vn - High
56 15.20.52.109 - - High
57 15.139.129.226 - - High
58 15.155.62.37 - - High
59 15.198.236.200 - - High
60 15.253.169.20 ec2-15-253-169-20.us-west-2.compute.amazonaws.com - Medium
61 15.254.97.89 ec2-15-254-97-89.us-west-2.compute.amazonaws.com - Medium
62 16.6.63.101 - - High
63 16.119.179.29 - - High
64 16.215.96.194 016-215-096-194.res.spectrum.com - High
65 17.5.115.62 - - High
66 17.27.53.89 - - High
67 17.210.26.114 - - High
68 18.33.230.2 - - High
69 18.49.202.119 - - High
70 18.90.144.73 - - High
71 18.129.149.91 - - High
72 18.194.29.180 ec2-18-194-29-180.eu-central-1.compute.amazonaws.com - Medium
73 19.4.19.84 - - High
74 19.43.124.213 - - High
75 20.118.2.20 - - High
76 20.133.243.96 - - High
77 20.143.75.211 - - High
78 20.169.182.215 - - High
79 20.229.84.137 - - High
80 20.253.19.194 - - High
81 21.11.121.107 - - High
82 21.156.102.3 - - High
83 21.192.27.192 - - High
84 21.203.91.206 - - High
85 21.250.19.72 - - High
86 23.10.193.233 a23-10-193-233.deploy.static.akamaitechnologies.com - High
87 23.10.207.183 a23-10-207-183.deploy.static.akamaitechnologies.com - High
88 23.28.96.141 d28-23-141-96.dim.wideopenwest.com - High
89 23.31.134.154 23-31-134-154-static.hfc.comcastbusiness.net - High
90 23.96.52.53 - - High
91 23.138.20.236 - - High
92 23.154.45.79 - - High
93 23.175.186.69 - - High
94 23.196.65.193 a23-196-65-193.deploy.static.akamaitechnologies.com - High
95 23.196.183.170 a23-196-183-170.deploy.static.akamaitechnologies.com - High
96 23.209.185.165 a23-209-185-165.deploy.static.akamaitechnologies.com - High
97 23.218.40.161 a23-218-40-161.deploy.static.akamaitechnologies.com - High
98 23.218.142.25 a23-218-142-25.deploy.static.akamaitechnologies.com - High
99 23.244.235.167 d-23-244-235-167.paw.cpe.atlanticbb.net - High
100 23.253.50.154 - - High
101 24.6.47.86 c-24-6-47-86.hsd1.ca.comcast.net - High
102 24.70.206.40 S01061033bff95647.ok.shawcable.net - High
103 24.199.52.80 rrcs-24-199-52-80.west.biz.rr.com - High
104 24.210.219.136 cpe-24-210-219-136.neo.res.rr.com - High
105 25.4.98.57 - - High
106 25.68.69.58 - - High
107 25.126.223.94 - - High
108 25.171.204.203 - - High
109 26.57.39.220 - - High
110 26.128.193.14 - - High
111 26.218.146.92 - - High
112 27.3.105.38 - - High
113 27.108.150.40 27.108.150.40.bti.net.ph - High
114 27.121.99.80 - - High
115 27.173.241.96 - - High
116 28.10.105.191 - - High
117 28.29.189.12 - - High
118 28.237.185.18 - - High
119 30.225.184.221 - - High
120 31.41.82.151 151.82.41.31.ip4.feromedia.eu - High
121 31.109.216.73 - - High
122 31.118.13.79 - - High
123 31.182.109.21 staticline-31-182-109-21.toya.net.pl - High
124 31.190.112.93 - - High
125 32.88.113.160 - - High
126 32.127.135.111 - - High
127 32.155.198.200 - - High
128 32.202.176.158 - - High
129 33.32.249.162 - - High
130 33.65.249.104 - - High
131 33.72.73.40 - - High
132 33.162.102.125 - - High
133 33.237.143.29 - - High
134 33.239.167.136 - - High
135 34.43.14.56 - - High
136 34.99.159.215 215.159.99.34.bc.googleusercontent.com - Medium
137 34.209.49.182 ec2-34-209-49-182.us-west-2.compute.amazonaws.com - Medium
138 36.91.156.204 - - High
139 36.105.72.159 - - High
140 36.207.228.85 - - High
141 36.211.14.156 - - High
142 36.244.111.17 em36-244-111-17.pool.e-mobile.ne.jp - High
143 37.34.87.162 - - High
144 37.35.132.115 115.132.35.37.dynamic.jazztel.es - High
145 37.43.2.233 - - High
146 37.67.195.64 64.195.67.37.rev.sfr.net - High
147 37.128.128.198 hydra-pilot.skillwise.net - High
148 37.180.175.89 mob-37-180-175-89.net.vodafone.it - High
149 37.191.164.233 233.37-191-164.fiber.lynet.no - High
150 38.64.142.137 - - High
151 38.89.103.70 - - High
152 38.110.242.41 38-110-242-41.ndemand.com - High
153 38.186.206.106 - - High
154 39.19.244.52 - - High
155 39.40.132.64 - - High
156 39.41.74.205 - - High
157 39.77.6.39 - - High
158 39.92.225.165 - - High
159 39.158.228.212 - - High
160 39.189.235.205 - - High
161 39.232.85.81 - - High
162 40.39.16.104 - - High
163 40.71.137.232 - - High
164 40.76.4.15 - - High
165 40.80.9.141 - - High
166 40.112.72.205 - - High
167 40.113.200.201 - - High
168 40.121.144.40 - - High
169 41.132.73.111 41-132-73-111.dsl.mweb.co.za - High
170 41.182.103.110 - - High
171 41.192.242.157 - - High
172 42.75.114.211 42-75-114-211.emome-ip.hinet.net - High
173 42.97.167.153 - - High
174 ... ... ... ...

There are 694 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Kovter. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-425 Pathname Traversal High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94 Cross Site Scripting High
5 ... ... ... ...

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kovter. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File .python-version High
2 File /?ajax-request=jnews High
3 File /admin/curltest.cgi High
4 File /admin/js Medium
5 File /admin/vca/bia/addacph.cgi High
6 File /api/plugin/uninstall High
7 File /api/plugin/upload High
8 File /api/sys_username_passwd.cmd High
9 File /app/controller/Books.php High
10 File /app/options.py High
11 File /bin/posix/src/ports/POSIX/OpENer High
12 File /cgi-bin/ExportAllSettings.sh High
13 File /cgi-bin/mesh.cgi?page=upgrade High
14 File /cgi-bin/nightled.cgi High
15 File /cgi-bin/touchlist_sync.cgi High
16 File /conf/ Low
17 File /dashboard/menu-list.php High
18 File /dashboard/profile.php High
19 File /dashboard/table-list.php High
20 File /debug/pprof Medium
21 File /donor-wall Medium
22 ... ... ...

There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!