Kbot

Malware Profile Updated 3 months ago
KBot (also written KBOT) is a malware family analyzed by Kaspersky in February 2020, when it was newly observed in the wild. Like most commodity malware it reaches victims through malicious downloads, e-mail attachments and compromised or lookalike websites, usually without the user noticing. In its early form KBot was a simple user-mode downloader whose core was speculated to derive from the old Ursnif/Gozi2/ISFB code base; over time it grew into a more sophisticated threat. The payloads it fetched were mostly bankers, among them KBot itself and Gozi ISFB, and those two turned out to belong to the same family, which points to a common origin or authorship. The operators did not pause after the winter: a few weeks after the analysis a new campaign appeared, spreading poorly obfuscated JavaScript that delivered an interesting KBot modification built on code from the Carberp leak. The pattern is the familiar one of criminals continually reworking their tooling to improve its effectiveness and evade detection.

A caveat for anyone matching samples against this profile: the name is overloaded. Kaspersky's February 2020 write-up describes KBOT as a file-infecting virus that spreads by injecting itself into Windows executables, whereas the downloader lineage described above is the one covered in CERT Polska's "Newest addition to a happy family: KBOT" (listed under source documents below). Do not assume that a detection named KBot/KBOT refers to the same code without checking which family the vendor means.
Possible Aliases / Cluster overlaps

Cluster names and naming conventions differ between vendors and are hard to track, so the following profiles may describe the same or closely related code. The number in parentheses is the overlap vote count.

Gozi Isfb (1 vote): Gozi ISFB, also known as Ursnif and Dreambot, is a malware family that has been actively developed and distributed worldwide. It primarily targets the banking and financial sectors by stealing passwords and credentials from victims.

Isfb (1 vote): ISFB, also known as Gozi or Ursnif, is a form of malware that has been a significant part of the cyberthreat landscape for several years. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user'

Carberp (1 vote): Carberp is a notable malware that has been widely used and modified by various threat actors. Its source code, which was leaked in 2013, has become the basis for a multitude of other malicious software due to its sophisticated design and capabilities. The malware can infiltrate systems through dubio
Miscellaneous Associations

Other elements of context that could aid in assessing relevance:

Malware: JavaScript

Associated malware, threat actors and vulnerabilities: none recorded in the dataset.
Source Document References

Information about the Kbot malware was read from the documents below (display limited to 20 results).

SANS ISC (6 months ago): Computer viruses are celebrating their 40th birthday (well, 54th, really) - SANS Internet Storm Center

CERT Polska (a year ago): Ostap malware analysis (Backswap dropper)

CERT Polska (a year ago): Newest addition to a happy family: KBOT