MalKamak Analysis

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 16
  • zh: 4

Country

  • cn: 16
  • us: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • snapd: 2
  • Wind River VxWorks: 2
  • Adcon Telemetry A850 Telemetry Gateway Base Statio ...: 2
  • NetCommWireless HSPA 3G10WVE: 2
  • Facebook WhatsApp: 2

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | Apache HTTP Server Inbound Connection request smuggling | 7.3 | 7.0 | $25k-$50k | $5k-$10k | Not Defined | Official Fix | 0.31 | 0.05242 | CVE-2022-22720
2  | Apache Dubbo deserialization | 7.6 | 7.6 | $10k-$25k | $5k-$10k | Not Defined | Not Defined | 0.00 | 0.01086 | CVE-2022-39198
3  | Google Android Layout.java getOffsetForHorizontal input validation | 4.7 | 4.5 | $10k-$25k | $2k-$5k | Not Defined | Official Fix | 0.04 | 0.03161 | CVE-2018-9452
4  | Google Android PackageItemInfo.java loadLabel denial of service | 6.0 | 5.9 | $10k-$25k | $5k-$10k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2021-0651
5  | Wind River VxWorks TCP memory corruption | 8.5 | 8.2 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.01 | 0.31184 | CVE-2019-12255
6  | spice-vdagentd File Transfer spice-vdagent-sock allocation of resources | 5.5 | 5.5 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.01 | 0.00950 | CVE-2020-25650
7  | Foxit Reader/PhantomPDF FXSYS_wcslen null pointer dereference | 5.9 | 5.6 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2019-20829
8  | Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi input validation | 7.5 | 6.8 | $1k-$2k | $0-$1k | High | Temporary Fix | 0.02 | 0.29583 | CVE-2013-4615
9  | snapd snap-confine tmp link following | 7.4 | 7.1 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2019-11502
10 | Facebook WhatsApp MP4 File stack-based overflow | 7.0 | 6.7 | $10k-$25k | $2k-$5k | Not Defined | Official Fix | 0.01 | 0.01404 | CVE-2019-11931
11 | Microsoft Windows File Signature Validation signature verification | 5.7 | 5.2 | $25k-$50k | $5k-$10k | Proof-of-Concept | Official Fix | 0.01 | 0.01150 | CVE-2020-16922
12 | Pivotal Spring Framework Read path traversal | 5.3 | 5.1 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00 | 0.01974 | CVE-2014-3578
13 | Watchguard Fireware AD Helper list Password cleartext storage | 6.4 | 6.1 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2020-10532
14 | Dropbear SSH Shell Command Restriction crlf injection | 6.3 | 6.0 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.05 | 0.42892 | CVE-2016-3116
15 | NetCommWireless HSPA 3G10WVE ping.cgi command injection | 8.0 | 7.2 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.00 | 0.01319 | CVE-2015-6024
16 | NetCommWireless HSPA 3G10WVE ping.cgi access control | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.01 | 0.01319 | CVE-2015-6023
17 | Adcon Telemetry A850 Telemetry Gateway Base Station Web Interface cross site scripting | 5.2 | 5.2 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2016-2274
18 | Crosstec NetOp School Access Restriction privileges management | 5.9 | 5.7 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.04 | 0.00890 | CVE-2001-1094
19 | McAfee Total Protection 2010 Malware Detection race condition | 7.4 | 7.4 | $5k-$10k | $0-$1k | Not Defined | Not Defined | 0.01 | 0.02172 | CVE-2010-5166

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1  | 50.116.17.41 | li601-41.members.linode.com | MalKamak | GhostShell | verified | High
2  | XXX.XXX.XXX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxxxxx | verified | High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1  | T1006 | CWE-22 | Pathname Traversal | predictive | High
2  | TXXXX.XXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
3  | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4  | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxx | predictive | High
5  | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /domains/list | predictive | High
2  | File | /run/spice-vdagentd/spice-vdagent-sock | predictive | High
3  | File | /xxx | predictive | Low
4  | File | xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx | predictive | High
5  | File | xxxxxx.xxxx | predictive | Medium
6  | File | xxxxxxxxxxxxxxx.xxxx | predictive | High
7  | File | xxxx.xxx | predictive | Medium
8  | Argument | xxx_xxxxxxxxx | predictive | High
9  | Argument | xxx_xxxxx | predictive | Medium
10 | Argument | xxxxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities: