Darknet Diaries Cyber Kill Chain
This cyber kill chain analysis is based on episode 13 of Darknet Diaries, "Carna Botnet". It was written by Nikita Ponomarev for a penetration testing course taught by Tero Karvinen.
An anonymous researcher studying weak protocols (telnet) with weak credentials creates a botnet in order to scan the whole internet, and his published research spawns countless copycats.
Reconnaissance: Scanning for IPs that are running telnet (default port 23) with default credentials (admin:admin, admin: , root:root, root: )
Weaponization: A small binary that connects the weak computer to the botnet
Delivery: Telnet? (No information found during research; possibly the small binary was encoded and then compiled on the target machine?)
Exploitation: Telnet shell
Installation: Compile the binary
Command & Control: Scan the whole IPv4 address space using the botnet
Actions on Objectives: Publish a viral GIF that has pretty colors
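From the defender's side, the Reconnaissance and Exploitation steps above leave a recognizable trace: one source trying several of the listed default credential pairs over telnet. The following is an added example, not part of the original analysis or the episode; the log format, the sample lines and the `analyze` function are constructed assumptions.

```python
import re
from collections import defaultdict

# The four default credential pairs listed in the Reconnaissance step
# ("admin: " and "root: " are read here as a blank password).
DEFAULT_CREDS = {("admin", "admin"), ("admin", ""), ("root", "root"), ("root", "")}

# Constructed sample lines in a hypothetical telnet login log format:
#   <timestamp> telnet src=<ip> user=<name> pass=<password> result=<ok|fail>
SAMPLE_LOG = """\
2024-01-01T00:00:01Z telnet src=192.0.2.10 user=admin pass=admin result=fail
2024-01-01T00:00:02Z telnet src=192.0.2.10 user=root pass= result=fail
2024-01-01T00:00:03Z telnet src=192.0.2.10 user=root pass=root result=ok
2024-01-01T00:05:00Z telnet src=198.51.100.7 user=alice pass=S3cure!x result=ok
2024-01-01T00:06:00Z telnet src=203.0.113.5 user=admin pass= result=fail
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnet src=(?P<src>\S+) user=(?P<user>\S*) "
    r"pass=(?P<pw>\S*) result=(?P<result>ok|fail)$"
)

def analyze(log_text, sweep_threshold=2):
    """Return (sweepers, compromised).

    sweepers:    source IPs that tried >= sweep_threshold distinct default pairs
    compromised: (src, user) entries where a default credential actually worked
    """
    tried = defaultdict(set)
    compromised = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than failing the run
        pair = (m["user"], m["pw"])
        if pair not in DEFAULT_CREDS:
            continue  # only the default pairs from the analysis are of interest
        tried[m["src"]].add(pair)
        if m["result"] == "ok":
            compromised.append((m["src"], m["user"]))
    sweepers = sorted(ip for ip, pairs in tried.items() if len(pairs) >= sweep_threshold)
    return sweepers, compromised

if __name__ == "__main__":
    sweepers, compromised = analyze(SAMPLE_LOG)
    print("default-credential sweeps from:", sweepers)
    print("successful default logins:", compromised)
```

A non-empty `compromised` list means a device still accepts one of the default pairs and should have its credentials changed and telnet disabled.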