KongTuke
Also known as Woodgnat, 404 TDS, Chaya_002, LandUpdate808, TAG-124
Reports
5
First seen
Jan 16
Last seen
Jun 25
Motivation
financial, financial (access broker), financial (initial access broker)
Targeting
Sectors
other ×3, technology ×1
Victim regions
United States ×1
Top ATT&CK techniques
T1566 Phishing ×3, T1059.001 PowerShell ×3, T1071.001 Web Protocols ×3, T1204 User Execution ×3, T1071 Application Layer Protocol ×2, T1518 Software Discovery ×2, T1082 System Information Discovery ×2, T1105 Ingress Tool Transfer ×2, T1041 Exfiltration Over C2 Channel ×2, T1547.001 Registry Run Keys / Startup Folder ×2, T1547.005 Boot or Logon Autostart Execution: Scheduled Task ×1, T1087 Account Discovery ×1
Indicators
filename ×26, url ×12, ip_v4 ×9, domain ×4, cve ×3, registry_key ×3, hash_sha256 ×2
Associated CVEs
Recent reports
High