Routers Roasting on an Open Firewall: the KV-botnet Investigation [Thursday, December 14, 2023]


Description :
Indicators from the Lumen Black Lotus Labs report on the “KV-botnet”, a covert network of compromised small-office/home-office (SOHO) routers and other edge devices operated by a state-sponsored actor based in China. The report details the actor's infrastructure and the tooling deployed on the compromised devices.

Published: 2023-12-14 14:02:28
Created: 2023-12-14 14:02:28
Modified: 2023-12-14 14:19:39

Indicators

IPv4s :
  • 108.61.132.157
  • 193.36.119.48
  • 144.202.43.124
  • 140.82.20.246
  • 144.202.49.189
  • 45.11.92.176
  • 159.203.72.166
  • 108.61.203.19
  • 174.138.56.21
  • 207.246.100.151
  • 149.28.119.73
  • 45.156.21.172
  • 216.128.180.232
  • 45.32.88.250
  • 192.169.6.241
  • 66.42.124.155
  • 104.156.246.150
  • 159.203.113.25
  • 216.128.179.235
  • 155.138.146.162
Domains :
  • 2fgithub.com
Hashes :
  • 88fc3816c94f9b0191179f4e933843ee4cfdbcb392968605491a387b1235ec12
  • 8e35d8643c00d9e2993625b03366a7cd1bd36e6a60bc0c6039a509fccf9df150
  • 0279435f8727cca99bee575d157187787174d39f6872c2067de23afc681fe586
  • 7043ffd9ce3fe48c9fb948ae958a2e9966d29afe380d6b61d5efb826b70334f5
  • 36c63d0c2a78497ccf555e84f0233a514943faeff38281d99d00baf5df23f184
  • f5271fcb895977dc1eead64415e525323cd412e3f2625aee2fafbb5674beea28
  • c2299d8581af4ea8048bbf2bffd45c6ddca323c9c718c172355cc0df006ea6ca
  • d6cd1636569bba4131462bb8f45be1daa9a203aa343b6f2fd48a4847acfc29fa
  • e88b03465c0376463f912a5601a518cc697330dc3e5857068f3de0c434b52c9a
  • 19aa5a2235ee2518826a48363cb603060ee73ddccdf7d93bf197f97d7402aa37
  • 6a8230e66011e0a0012273f7d12110c23b1e33bd7232dc67a836662a3d1075c7
  • 5a2681ea2e1d0d5e7db2a2499d2e6e27b2689830c638d5ee28c2eef9867ececf
  • 5928f67db54220510f6863c0edc0343fdb68f7c7070496a3f49f99b3b545daf9
  • 07118af421f14a7e07601639f44a72f6782757ae74d2afffdb531b8209697e7f
  • cdffba0ebda39b3b58f59815be3829ca9c1cde957b46a6ad5ce4b31e405455bb
  • c71d04e2b6b35fdd058b4be5cf9ea3478697950378d4ee3c7fe0bf87e1e3730f
  • 86f01d5342ec39c65b1cff716f19c334cec26a82b87492d783d5e8f4ff9cb63a
  • 2cb6df289475457e807fc202a2b4688b2e23a88c94a8431981780caf8b76acf7
  • b4f2470159ca93f9d585ae2df1da972f6d14a0c418ebc202a324b9be5c877b61
  • bf0ed245e897c7d1ada511db2939e8f3a879a96543f2651d5631339d5419bb75
  • 3fab16ec4643d8f6b9a99d85427322f7fb40e9ea3cd4de8318c6a52e29869d5a
  • b6226c3e0e4ad64bbda3e6a79eb464c7050faa25d1f5332dcac014d2e79dd87f
  • 08d0da0c36089f7a1f700b989f2f7825c5ba2549a20735d0bd1e64ca9c4885bc
  • 9e6a2a01decc2c26f3586a119b6fd3a886c4cf9c76aa452339d164fda40c63e4
  • 690638c702170dba9e43b0096944c4e7540b827218afbfaebc902143cda4f2a7
  • 5512cce87ff9dfd3ee9721eb29302d1700199ed7d625e09f9f779772ec06bdb0
  • dc7b6b4f53581b53edfbbc83d825cfa0450b2039f126cd62e8529189bb156033
  • b845ef0f9c5853ad1c226ac0ae7bb91159d5bb132185c1bfd171696b755a9164
  • 2711f1341d2f150a0c3e2d596939805d66ba7c6403346513d1fc826324f63c87
  • c524e118b1e263fccac6e94365b3a0b148a53ea96df21c8377ccd8ec3d6a0874
  • d90e4a1b3a6bf019474b3be1703bf3211f1ebcca00b21bc252a39af274dc4fb0
  • 48299c2c568ce5f0d4f801b4aee0a6109b68613d2948ce4948334bbd7adc49eb
  • c0871ecfe8b306074c6d376db14d966578a8511e5b5d355a4cf2c4d0b8c9deb9
  • 2b640582bbbffe58c4efb8ab5a0412e95130e70a587fd1e194fbcd4b33d432cf
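An IOC list is only useful once it is matched against telemetry. The script below is an added example, not code from the Securitricks page or from the Lumen Black Lotus Labs report: it parses the page's own "Type :" / "• value" layout into typed sets (rejecting malformed entries such as a truncated hash), then sweeps log lines for listed IPv4 addresses, listed domains and their subdomains, and listed SHA-256 digests regardless of case. INDICATOR_TEXT is a subset of the indicators above; the log lines are constructed for the example and are not real telemetry.

```python
"""
IOC sweep over the indicator block above.

Added example, not part of the Securitricks page or the Lumen report it
summarises.  INDICATOR_TEXT is a subset of the page's list in the page's own
layout, so the full block can be pasted in unchanged.  SAMPLE_LOGS are
constructed lines, not real telemetry.
"""
import ipaddress
import re

INDICATOR_TEXT = """\
IPv4s :
  • 108.61.132.157
  • 193.36.119.48
  • 140.82.20.246
Domains :
  • 2fgithub.com
Hashes :
  • 88fc3816c94f9b0191179f4e933843ee4cfdbcb392968605491a387b1235ec12
  • 8e35d8643c00d9e2993625b03366a7cd1bd36e6a60bc0c6039a509fccf9df150
"""

SECTION_TO_KIND = {"ipv4s": "ipv4", "domains": "domain", "hashes": "sha256"}

# Validation patterns for feed values (already lower-cased when checked).
SHA256_RE = re.compile(r"[0-9a-f]{64}")
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

# Extraction patterns for free-form log text.
LOG_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
LOG_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
LOG_HEX64_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def parse_indicators(text: str) -> dict:
    """Return {"ipv4": set, "domain": set, "sha256": set} from the page layout.

    Every value is validated: a mistyped IP or a truncated hash raises
    ValueError instead of becoming an indicator that can never match.
    """
    iocs = {kind: set() for kind in SECTION_TO_KIND.values()}
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):                      # section header, e.g. "IPv4s :"
            kind = SECTION_TO_KIND.get(line[:-1].strip().lower())
            if kind is None:
                raise ValueError(f"unknown indicator section: {line}")
            continue
        if kind is None:
            raise ValueError(f"value before any section header: {line}")
        value = line.lstrip("•").strip().lower()
        if kind == "ipv4":
            ipaddress.IPv4Address(value)            # raises ValueError if malformed
        elif kind == "domain" and not DOMAIN_RE.fullmatch(value):
            raise ValueError(f"not a domain name: {value}")
        elif kind == "sha256" and not SHA256_RE.fullmatch(value):
            raise ValueError(f"not a SHA-256 hex digest: {value}")
        iocs[kind].add(value)
    return iocs


def domain_suffixes(host: str):
    """Yield host and each parent domain (never the bare TLD),
    so www.2fgithub.com is matched by a listed 2fgithub.com."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def sweep(lines, iocs: dict) -> list:
    """Return (line_number, kind, matched_indicator) for every IOC seen in lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in LOG_IPV4_RE.findall(line):
            if ip in iocs["ipv4"]:
                hits.append((n, "ipv4", ip))
        for host in LOG_DOMAIN_RE.findall(line):
            for candidate in domain_suffixes(host):
                if candidate in iocs["domain"]:
                    hits.append((n, "domain", candidate))
                    break
        for digest in LOG_HEX64_RE.findall(line):
            if digest.lower() in iocs["sha256"]:
                hits.append((n, "sha256", digest.lower()))
    return hits


# Constructed log lines: a firewall hit, a benign firewall line (GitHub's
# 140.82.112.3 is not listed), a DNS query for a subdomain of a listed domain,
# and an EDR file event carrying a listed SHA-256 in upper case.
SAMPLE_LOGS = [
    "2023-12-14T10:02:11Z fw1 filterlog: pass out em0 tcp 10.0.0.23:51322 -> 108.61.132.157:443",
    "2023-12-14T10:02:12Z fw1 filterlog: pass out em0 tcp 10.0.0.23:51323 -> 140.82.112.3:443",
    "2023-12-14T10:03:40Z dns1 query: www.2fgithub.com A from 10.0.0.23",
    "2023-12-14T10:05:02Z edr host=ws23 file=/tmp/.x "
    "sha256=88FC3816C94F9B0191179F4E933843EE4CFDBCB392968605491A387B1235EC12",
]


def run_example() -> list:
    """Sweep the constructed logs with the subset indicator list."""
    return sweep(SAMPLE_LOGS, parse_indicators(INDICATOR_TEXT))


if __name__ == "__main__":
    for line_no, kind, value in run_example():
        print(f"line {line_no}: {kind} hit on {value}")
```

Network indicators for a botnet built from compromised consumer routers age quickly, since the devices are rebooted, cleaned, re-infected or renumbered, so treat an IP hit as a lead to pivot from (which internal host, what port, how often) rather than confirmation on its own; the SHA-256 digests are the more durable part of this list for retrospective hunts over EDR or file-integrity data.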
About the author
Julien B.

Securitricks