Kbot

Malware Profile Updated 25 days ago
KBot, a piece of malware identified and analyzed by Kaspersky in February 2020, is one of the most recent viruses to spread in the wild. This malicious software, designed to exploit and damage computers or devices, typically infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Initially, KBot was a simple user-mode downloader, with its core speculated to come from the old ursnif/gozi2/isfb. Over time, however, it evolved into a more sophisticated threat. The downloaded malware samples were usually bankers, including KBot itself and Gozi ISFB. These were found to be part of the same family, indicating a common origin or authorship.

Despite many users unwinding after winter, malware authors continued their nefarious activities. A few weeks after Kaspersky's analysis, a new campaign was launched, spreading poorly obfuscated JavaScript and an interesting modification of KBot originating from the Carberp leak. This suggests that cybercriminals are constantly evolving their tactics and enhancing their malware to increase its effectiveness and evade detection.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Kbot malware was read from the documents corpus below.
Source | Created At | Title
CERT Polska | a year ago | Newest addition to a happy family: KBOT
SANS ISC | 4 months ago | Computer viruses are celebrating their 40th birthday (well, 54th, really) - SANS Internet Storm Center
CERT Polska | a year ago | Ostap malware analysis (Backswap dropper)