TAU-TIN – Kpot InfoStealer

Kpot InfoStealer is an information-stealing trojan sold in underground markets. It silently collects sensitive information and passwords from web browsers, mail clients, FTP clients, cryptocurrency wallets, and other applications on the compromised system. Kpot InfoStealer connects to a Command & Control (C&C) server and, depending on the configuration it receives from that server, may carry out further malicious actions on the victim’s computer.

This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against Kpot InfoStealer.

Behavioral Summary

The following screenshot shows the VMware Carbon Black Cloud Enterprise EDR (CB ThreatHunter) process chart for Kpot InfoStealer.



In addition, VMware Carbon Black Cloud Endpoint Standard (CB Defense) will display the malware’s overall triggered TTPs.



| TID | Tactics | Technique |
|---|---|---|
| T1143 | Defense Evasion | Hidden Window |
| T1049 | Discovery | System Network Connections Discovery |
| T1016 | Discovery | System Network Configuration Discovery |
| T1135 | Discovery | Network Share Discovery |
| T1497 | Defense Evasion, Discovery | Virtualization/Sandbox Evasion |
| T1124 | Discovery | System Time Discovery |
| T1070 | Defense Evasion | Indicator Removal on Host |
| T1107 | Defense Evasion | File Deletion |

Indicators of Compromise (IOCs)

| Indicator | Type | Context |
|---|---|---|
| a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240 | SHA256 | Kpot InfoStealer |
| 99785ae0679d6d3e27de83af403c23b0 | MD5 | Kpot InfoStealer |
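One way to operationalize the two file hashes above outside the Carbon Black console, as an added example that is not part of this TAU post or any VMware product: a small Python sweep that hashes every file under a directory once (SHA256 and MD5 in a single pass) and reports those matching the IOC table. The `demo_sweep` helper, the temp-file contents and the extra MD5 it adds are constructed for illustration only.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators taken from the IOC table above (lower-case hex digests).
KPOT_IOCS = {
    "sha256": {"a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240"},
    "md5": {"99785ae0679d6d3e27de83af403c23b0"},
}

def file_digests(path, chunk_size=1 << 20):
    """Return (sha256, md5) hex digests, hashing in chunks so large files are not read whole."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()

def match_iocs(path, iocs=KPOT_IOCS):
    """Return the indicator types ('sha256', 'md5') that match this file."""
    sha256_hex, md5_hex = file_digests(path)
    hits = []
    if sha256_hex in iocs["sha256"]:
        hits.append("sha256")
    if md5_hex in iocs["md5"]:
        hits.append("md5")
    return hits

def sweep(root, iocs=KPOT_IOCS):
    """Walk `root` recursively; return {path: [matched types]} for hits only."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = match_iocs(path, iocs)
            if hits:
                results[str(path)] = hits
    return results

def demo_sweep():
    """Constructed demo: two temp files; the second one's own MD5 is added to a
    copy of the IOC set so sweep() reports exactly that file."""
    root = Path(tempfile.mkdtemp())
    benign, flagged = root / "notes.txt", root / "sample.bin"
    benign.write_bytes(b"constructed benign content")
    flagged.write_bytes(b"constructed sample standing in for the Kpot binary")
    iocs = {"sha256": set(KPOT_IOCS["sha256"]), "md5": set(KPOT_IOCS["md5"])}
    iocs["md5"].add(file_digests(flagged)[1])  # simulate a known-bad MD5
    return sweep(root, iocs), str(flagged)
```

Hash matching only catches the exact samples listed; pair it with the behavioral TTPs above, since a repacked build will carry a different digest.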