
TAU-TIN – Kpot InfoStealer


Summary

Kpot InfoStealer is an information-stealing trojan sold on underground markets. It silently collects and exfiltrates sensitive information and passwords from web browsers, mail clients, FTP clients, cryptocurrency wallets, and other applications on the compromised system. Kpot InfoStealer connects to a Command & Control (C&C) server and, depending on the configuration it receives from that server, may carry out further malicious activity on the victim’s computer.

This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against Kpot InfoStealer.

Behavioral Summary

The following is a screenshot of the VMware Carbon Black Cloud Enterprise EDR (CB ThreatHunter) process chart for Kpot InfoStealer.

[screenshot: Cloud Enterprise EDR process chart]

In addition, VMware Carbon Black Cloud Endpoint Standard (CB Defense) displays the TTPs triggered by the malware.

[screenshot: Endpoint Standard triggered TTPs]

MITRE ATT&CK TIDs

TID    Tactics                     Technique
T1143  Defense Evasion             Hidden Window
T1049  Discovery                   System Network Connections Discovery
T1016  Discovery                   System Network Configuration Discovery
T1135  Discovery                   Network Share Discovery
T1497  Defense Evasion, Discovery  Virtualization/Sandbox Evasion
T1124  Discovery                   System Time Discovery
T1070  Defense Evasion             Indicator Removal on Host
T1107  Defense Evasion             File Deletion


Indicators of Compromise (IOCs)

Indicator                                                         Type    Context
a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240  SHA256  Kpot InfoStealer
99785ae0679d6d3e27de83af403c23b0                                  MD5     Kpot InfoStealer
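As an added example (not part of the TAU-TIN itself), the following Python script hashes every file under a directory in a single streaming pass and flags any whose SHA256 or MD5 matches the indicators listed above. The `scan_paths` and `walk_files` helper names and any sample file contents are constructed for illustration.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

# Indicators published in the TAU-TIN above, keyed by lowercase hex digest.
KPOT_IOCS: Dict[str, Tuple[str, str]] = {
    "a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240": ("SHA256", "Kpot InfoStealer"),
    "99785ae0679d6d3e27de83af403c23b0": ("MD5", "Kpot InfoStealer"),
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5 and SHA256 of a file in one pass, reading it in chunks."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"MD5": md5.hexdigest(), "SHA256": sha256.hexdigest()}


def scan_paths(paths: Iterable[str], iocs: Dict[str, Tuple[str, str]] = KPOT_IOCS) -> List[dict]:
    """Return one record per file whose MD5 or SHA256 matches an indicator."""
    # Normalise indicator case so feeds that publish uppercase hex still match.
    wanted = {digest.lower(): ctx for digest, ctx in iocs.items()}
    hits: List[dict] = []
    for path in paths:
        if not os.path.isfile(path):
            continue  # skip directories, dangling links and special files
        for algo, digest in hash_file(path).items():
            ctx = wanted.get(digest)
            if ctx and ctx[0] == algo:
                hits.append({"path": path, "algorithm": algo, "hash": digest, "context": ctx[1]})
    return hits


def walk_files(root: str) -> Iterable[str]:
    """Yield every regular file path below root (constructed helper)."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            yield os.path.join(dirpath, name)


if __name__ == "__main__":
    import sys
    for hit in scan_paths(walk_files(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{hit['path']}: {hit['algorithm']} {hit['hash']} -> {hit['context']}")
```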
Creation Date: 04-14-2020