pymafka 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (42)

言語

en	26
zh	14
ko	2

国・地域

cn	38

アクター

pymafka	1
Cobalt Strike	1

関心

タイプ

Operating System	8
Not Defined	6
Web Browser	6
Web Server	4
Content Management System	4

ベンダー

Not Defined	12
Google	10
Microsoft	6
Linux	6
RealNetworks	2

製品

Linux Kernel	6
Google Chrome	6
Microsoft IIS	4
Google Android	4
Microsoft Windows	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Linux Kernel IPv6 ipv6_renew_options サービス拒否	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.08	CVE-2022-3524
2	Plone lxml Parser 特権昇格	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00178	0.00	CVE-2021-33511
3	SpringSource Spring Framework class.classLoader.URLs[0]=jar 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03641	0.04	CVE-2010-1622
4	Microsoft Windows win32k.sys xxxMenuWindowProc サービス拒否	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.03
5	Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg 情報の漏洩	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00088	0.00	CVE-2021-27364
6	jQuery クロスサイトスクリプティング	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00135	0.13	CVE-2020-23064
7	Easy Bootstrap Shortcode Plugin Shortcode Attribute クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.02	CVE-2022-4576
8	Sophos Web Appliance Warn-proceed 特権昇格	9.8	9.6	$0-$5k	$0-$5k	High	Official Fix	0.96886	0.00	CVE-2023-1671
9	Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob メモリ破損	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00374	0.06	CVE-2023-0210
10	Linux Kernel fs-writeback.c inode_cgwb_move_to_attached メモリ破損	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2023-26605
11	Linux Kernel bitmap.c ntfs_trim_fs メモリ破損	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2023-26606
12	Linux Kernel attrib.c ntfs_attr_find 情報の漏洩	6.3	6.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-2023-26607
13	WordPress SQLインジェクション	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
14	dedecmdv6 file_manage_control.php Privilege Escalation	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00390	0.00	CVE-2022-44118
15	dedecmdv6 sys_sql_query.php SQLインジェクション	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00137	0.02	CVE-2022-44120
16	Microsoft Windows Graphics Privilege Escalation	8.1	7.9	$25k-$100k	$5k-$25k	High	Official Fix	0.74737	0.08	CVE-2023-21823
17	ArcGIS Server SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.00	CVE-2021-29099
18	RealNetworks RealPlayer G2 Control クロスサイトスクリプティング	3.5	3.4	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00373	0.00	CVE-2022-32269
19	Microsoft Windows Common Log File System Driver Privilege Escalation	8.3	7.3	$100k 以上	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2021-43226
20	Google Chrome Animation メモリ破損	6.3	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.07058	0.17	CVE-2022-0609

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	39.106.227.92		pymafka	2022年07月30日	verified	高
2	XX.XXX.XXX.XX		Xxxxxxx	2022年07月30日	verified	高
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	2022年07月30日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	auth.c	predictive	低
2	File	class.classLoader.URLs[0]=jar	predictive	高
3	File	xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x	predictive	高
4	File	xxxx_xxxxxx_xxxxxxx.xxx	predictive	高
5	File	xx/xx-xxxxxxxxx.x	predictive	高
6	File	xx/xxxx/xxxxxx.x	predictive	高
7	File	xx/xxxxx/xxxxxx.x	predictive	高
8	File	xxxxx.xxx	predictive	中
9	File	xxx_xxx_xxxxx.xxx	predictive	高
10	Library	xxxxxx.xxx	predictive	中
11	Argument	xxxxx.xxxxxxxxxxx.xxxx[x]=xxx	predictive	高
12	Argument	xx_xxx	predictive	低
13	Argument	xxxxxxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!