MalKamak Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	18
zh	6
fr	2
ja	2

Country

CN: China	22
US: USA	4

Actors

MalKamak	2

Activities

Interest

Timeline

Type

Not Defined	16
Operating System	4
Document Reader Software	2
Versioning Software	2
Web Server	2

Vendor

Microsoft	4
Apache	4
Not Defined	4
Adcon Telemetry	2
Hikvision	2

Product

Microsoft Windows	4
Adcon Telemetry A850 Telemetry Gateway Base Statio ...	2
Hikvision LocalServiceComponents	2
Apache OFBiz	2
snapd	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Git Cloning process control	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.07	CVE-2024-32004
2	Hikvision LocalServiceComponents Messages Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.06	CVE-2023-28813
3	Hikvision LocalServiceComponents Messages buffer overflow	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00134	0.05	CVE-2023-28812
4	Apache OFBiz path traversal	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.07801	0.07	CVE-2024-32113
5	WP Super Cache Plugin Cache Settings wp-cache-config.php code injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.06	CVE-2021-24209
6	Microsoft Windows Terminal Services/Citrix Server improper authentication	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
7	Microsoft Windows Remote Desktop mstlsapi.dll improper authentication	6.5	6.2	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01270	0.00	CVE-2005-1794
8	Apache HTTP Server Inbound Connection request smuggling	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00753	0.04	CVE-2022-22720
9	Apache Dubbo deserialization	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01139	0.00	CVE-2022-39198
10	Google Android Layout.java getOffsetForHorizontal input validation	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.03	CVE-2018-9452
11	Google Android PackageItemInfo.java loadLabel denial of service	6.0	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-0651
12	Wind River VxWorks TCP memory corruption	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.92578	0.00	CVE-2019-12255
13	spice-vdagentd File Transfer spice-vdagent-sock allocation of resources	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.00	CVE-2020-25650
14	Foxit Reader/PhantomPDF FXSYS_wcslen null pointer dereference	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-20829
15	Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi input validation	7.5	6.8	$0-$5k	$0-$5k	High	Temporary Fix	0.73416	0.00	CVE-2013-4615
16	snapd snap-confine tmp link following	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00470	0.00	CVE-2019-11502
17	Facebook WhatsApp MP4 File stack-based overflow	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00086	0.07	CVE-2019-11931
18	Microsoft Windows File Signature Validation signature verification	5.7	5.2	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.00131	0.00	CVE-2020-16922
19	Pivotal Spring Framework Read path traversal	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00301	0.04	CVE-2014-3578
20	Watchguard Fireware AD Helper list Password cleartext storage	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02027	0.00	CVE-2020-10532

Campaigns (1)

These are the campaigns that can be associated with the actor:

GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	50.116.17.41	li601-41.members.linode.com	MalKamak	GhostShell	10/08/2021	verified	Medium
2	XXX.XXX.XXX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	Xxxxxxxxxx	10/08/2021	verified	Medium

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/domains/list	predictive	High
2	File	/run/spice-vdagentd/spice-vdagent-sock	predictive	High
3	File	/xxx	predictive	Low
4	File	xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx	predictive	High
5	File	xxxxxx.xxxx	predictive	Medium
6	File	xxxxxxxxxxxxxxx.xxxx	predictive	High
7	File	xxxx.xxx	predictive	Medium
8	File	xx-xxxxx-xxxxxx.xxx	predictive	High
9	Library	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxxx_xxxx	predictive	Medium
11	Argument	xxx_xxxxxxxxx	predictive	High
12	Argument	xxx_xxxxx	predictive	Medium
13	Argument	xxxxxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!