KV Botnet

    Date: 08/09/2024

    Severity: Medium

    Summary

    The "KV Botnet" is a botnet: a network of malware-infected computers (bots) that an attacker controls remotely. Botnets of this kind are typically used for distributed denial-of-service (DDoS) attacks, theft of sensitive information, or distribution of additional malware. The KV Botnet uses its infected machines to carry out coordinated attacks and data exfiltration, which poses a significant risk to both individuals and organizations.

    Indicators of Compromise (IOC) List

    IP Address


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    dstipaddress IN ("45.32.174.131","149.28.119.73","207.246.100.151","140.82.20.246","155.138.146.162","216.128.180.232","66.42.124.155","152.32.138.247","193.36.119.48","45.32.88.250","108.61.132.157","144.202.43.124","45.11.92.176","216.128.179.235","159.203.113.25","159.203.72.166","192.169.6.241","45.159.209.228","104.156.246.150","45.63.60.39","174.138.56.21","45.156.21.172","108.61.203.19","144.202.49.189") or ipaddress IN ("45.32.174.131","149.28.119.73","207.246.100.151","140.82.20.246","155.138.146.162","216.128.180.232","66.42.124.155","152.32.138.247","193.36.119.48","45.32.88.250","108.61.132.157","144.202.43.124","45.11.92.176","216.128.179.235","159.203.113.25","159.203.72.166","192.169.6.241","45.159.209.228","104.156.246.150","45.63.60.39","174.138.56.21","45.156.21.172","108.61.203.19","144.202.49.189") or publicipaddress IN ("45.32.174.131","149.28.119.73","207.246.100.151","140.82.20.246","155.138.146.162","216.128.180.232","66.42.124.155","152.32.138.247","193.36.119.48","45.32.88.250","108.61.132.157","144.202.43.124","45.11.92.176","216.128.179.235","159.203.113.25","159.203.72.166","192.169.6.241","45.159.209.228","104.156.246.150","45.63.60.39","174.138.56.21","45.156.21.172","108.61.203.19","144.202.49.189") or srcipaddress IN ("45.32.174.131","149.28.119.73","207.246.100.151","140.82.20.246","155.138.146.162","216.128.180.232","66.42.124.155","152.32.138.247","193.36.119.48","45.32.88.250","108.61.132.157","144.202.43.124","45.11.92.176","216.128.179.235","159.203.113.25","159.203.72.166","192.169.6.241","45.159.209.228","104.156.246.150","45.63.60.39","174.138.56.21","45.156.21.172","108.61.203.19","144.202.49.189")

    Detection Query 2

    md5hash IN ("f7315b4a12fd470a561be7289631a776")
    
    sha1hash IN ("4bfffff0405a1156c801444c35b25c241b687c04","7178ee14a4103f569d0cb4cc84ab016f27caf7dc","fd8981b043381adfaed6ac4c4a625c177d343804","82de9031e5f6e46f7b7560d7ae45329f711d139f","6b458e39559fb6cb9f1c23ec15ee7300fcf15da7","08ad4f940d488587697820d13c3d175a05e5fa6c","6c177b41cc4376afbc955522ee213addb4ca2ef4","067f238d9d5c219d3c359dc398f5416f1a99c70b","8c04be1d054d0a9a5e33723ed91c336cd9e94cce","245e31af35cc6b950fcf08a0348a1b5ad178bf9a","311722dc71061d9977b8f713f812ed47ff9b8a7a","a6a4e8aba325b1942c80beaf17dc9887efd2f7a0","6528827cdd6fd5b27543669c606577a3fd733e73","a4414dee4899fad39014b269d16daed7065ba123","9c13ccb0c31539303b4b9cf0c8b6691afb351d77","8ed5a832dc036c452e137199db3e2f021390a9fb","7b30dc024e2bbfa9d21aca46783a6cd2656e6a92")

    Detection Query 3

    sha256hash IN ("48299c2c568ce5f0d4f801b4aee0a6109b68613d2948ce4948334bbd7adc49eb","5512cce87ff9dfd3ee9721eb29302d1700199ed7d625e09f9f779772ec06bdb0","c0871ecfe8b306074c6d376db14d966578a8511e5b5d355a4cf2c4d0b8c9deb9","36c63d0c2a78497ccf555e84f0233a514943faeff38281d99d00baf5df23f184","07118af421f14a7e07601639f44a72f6782757ae74d2afffdb531b8209697e7f","0279435f8727cca99bee575d157187787174d39f6872c2067de23afc681fe586","3fab16ec4643d8f6b9a99d85427322f7fb40e9ea3cd4de8318c6a52e29869d5a","5a2681ea2e1d0d5e7db2a2499d2e6e27b2689830c638d5ee28c2eef9867ececf","19aa5a2235ee2518826a48363cb603060ee73ddccdf7d93bf197f97d7402aa37","e88b03465c0376463f912a5601a518cc697330dc3e5857068f3de0c434b52c9a","b845ef0f9c5853ad1c226ac0ae7bb91159d5bb132185c1bfd171696b755a9164","c71d04e2b6b35fdd058b4be5cf9ea3478697950378d4ee3c7fe0bf87e1e3730f")

    Detection Query 4

    sha256hash IN("b6226c3e0e4ad64bbda3e6a79eb464c7050faa25d1f5332dcac014d2e79dd87f","6a8230e66011e0a0012273f7d12110c23b1e33bd7232dc67a836662a3d1075c7","bf0ed245e897c7d1ada511db2939e8f3a879a96543f2651d5631339d5419bb75","f5271fcb895977dc1eead64415e525323cd412e3f2625aee2fafbb5674beea28","9e6a2a01decc2c26f3586a119b6fd3a886c4cf9c76aa452339d164fda40c63e4","08d0da0c36089f7a1f700b989f2f7825c5ba2549a20735d0bd1e64ca9c4885bc","d6cd1636569bba4131462bb8f45be1daa9a203aa343b6f2fd48a4847acfc29fa","86f01d5342ec39c65b1cff716f19c334cec26a82b87492d783d5e8f4ff9cb63a","b4f2470159ca93f9d585ae2df1da972f6d14a0c418ebc202a324b9be5c877b61","2cb6df289475457e807fc202a2b4688b2e23a88c94a8431981780caf8b76acf7","2711f1341d2f150a0c3e2d596939805d66ba7c6403346513d1fc826324f63c87","8e35d8643c00d9e2993625b03366a7cd1bd36e6a60bc0c6039a509fccf9df150","c524e118b1e263fccac6e94365b3a0b148a53ea96df21c8377ccd8ec3d6a0874","88fc3816c94f9b0191179f4e933843ee4cfdbcb392968605491a387b1235ec12")
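    As an added example (not code from the advisory or from Gurucul), the following Python mirrors the logic of the four queries above: it sorts a raw indicator feed into IP and hash sets by shape, so each hash is only compared against the field that matches its length, and checks every IP and hash field of a log event. The feed and events are constructed placeholders; the field names are the ones the queries use.

```python
import ipaddress

# The advisory's queries check four IP fields and three hash fields.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = {32: "md5hash", 40: "sha1hash", 64: "sha256hash"}  # hex length -> field


def load_indicators(lines):
    """Split raw indicator lines into an IP set and per-algorithm hash sets.
    Hashes are bucketed by hex length, so an MD5 is never compared against
    a sha256hash field (which is why the advisory splits its hash queries)."""
    ips, hashes = set(), {name: set() for name in HASH_FIELDS.values()}
    for raw in lines:
        tok = raw.strip().lower()
        if not tok or tok.startswith("#"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(tok)))  # normalises e.g. zero-padded octets
            continue
        except ValueError:
            pass
        if len(tok) in HASH_FIELDS and all(c in "0123456789abcdef" for c in tok):
            hashes[HASH_FIELDS[len(tok)]].add(tok)
        # anything else is a malformed line and is ignored
    return ips, hashes


def match_event(event, ips, hashes):
    """Return (field, value) pairs in one log event that hit an indicator."""
    hits = []
    for field in IP_FIELDS:
        value = (event.get(field) or "").strip()
        if value in ips:
            hits.append((field, value))
    for field, known in hashes.items():
        value = (event.get(field) or "").strip().lower()  # logs may upper-case hashes
        if value in known:
            hits.append((field, value))
    return hits


# Constructed sample feed and events (placeholders, not the advisory's indicators).
SAMPLE_FEED = """# constructed indicators for demonstration only
203.0.113.10
198.51.100.77
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
not-an-indicator
"""
SAMPLE_EVENTS = [
    {"srcipaddress": "10.0.0.5", "dstipaddress": "203.0.113.10"},
    {"publicipaddress": "198.51.100.77", "md5hash": "D41D8CD98F00B204E9800998ECF8427E"},
    {"ipaddress": "192.0.2.1", "sha256hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]


def scan(feed=SAMPLE_FEED, events=SAMPLE_EVENTS):
    """Run every event through the matcher; returns one hit list per event."""
    ips, hashes = load_indicators(feed.splitlines())
    return [match_event(e, ips, hashes) for e in events]


if __name__ == "__main__":
    for i, hits in enumerate(scan()):
        print(i, hits or "clean")
```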

    Reference: 

    https://www.csk.gov.in/alerts/KV_Botnet.html

    https://github.com/blacklotuslabs/IOCs/blob/main/KVbotnet_IOCs.txt


    Tags

    CSK - India, Malware, Botnet, RAT
