MalKamak Analysis

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 20
  • zh: 2


Country

  • cn: 18
  • us: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • NetCommWireless HSPA 3G10WVE: 2
  • Watchguard Fireware: 2
  • Apache HTTP Server: 2
  • snapd: 2
  • Microsoft Windows: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | WP Super Cache Plugin Cache Settings wp-cache-config.php code injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.04 | CVE-2021-24209
2 | Microsoft Windows Terminal Services/Citrix Server improper authentication | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.05 | 
3 | Microsoft Windows Remote Desktop mstlsapi.dll improper authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01760 | 0.03 | CVE-2005-1794
4 | Apache HTTP Server Inbound Connection request smuggling | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01192 | 0.04 | CVE-2022-22720
5 | Apache Dubbo deserialization | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01134 | 0.00 | CVE-2022-39198
6 | Google Android Layout.java getOffsetForHorizontal input validation | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00277 | 0.03 | CVE-2018-9452
7 | Google Android PackageItemInfo.java loadLabel denial of service | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0651
8 | Wind River VxWorks TCP memory corruption | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93678 | 0.03 | CVE-2019-12255
9 | spice-vdagentd File Transfer spice-vdagent-sock allocation of resources | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2020-25650
10 | Foxit Reader/PhantomPDF FXSYS_wcslen null pointer dereference | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2019-20829
11 | Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi input validation | 7.5 | 6.8 | $0-$5k | $0-$5k | High | Temporary Fix | 0.70193 | 0.00 | CVE-2013-4615
12 | snapd snap-confine tmp link following | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00470 | 0.00 | CVE-2019-11502
13 | Facebook WhatsApp MP4 File stack-based overflow | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.07 | CVE-2019-11931
14 | Microsoft Windows File Signature Validation signature verification | 5.7 | 5.2 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00131 | 0.00 | CVE-2020-16922
15 | Pivotal Spring Framework Read path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00301 | 0.02 | CVE-2014-3578
16 | Watchguard Fireware AD Helper list Password cleartext storage | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02027 | 0.00 | CVE-2020-10532
17 | Dropbear SSH Shell Command Restriction crlf injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02835 | 0.04 | CVE-2016-3116
18 | NetCommWireless HSPA 3G10WVE ping.cgi command injection | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01660 | 0.00 | CVE-2015-6024
19 | NetCommWireless HSPA 3G10WVE ping.cgi access control | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00825 | 0.00 | CVE-2015-6023
20 | Adcon Telemetry A850 Telemetry Gateway Base Station Web Interface cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2016-2274

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 50.116.17.41 | li601-41.members.linode.com | MalKamak | GhostShell | 10/08/2021 | verified | High
2 | XXX.XXX.XXX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxxxxx | 10/08/2021 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /domains/list | predictive | High
2 | File | /run/spice-vdagentd/spice-vdagent-sock | predictive | High
3 | File | /xxx | predictive | Low
4 | File | xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx | predictive | High
5 | File | xxxxxx.xxxx | predictive | Medium
6 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High
7 | File | xxxx.xxx | predictive | Medium
8 | File | xx-xxxxx-xxxxxx.xxx | predictive | High
9 | Library | xxxxxxxx.xxx | predictive | Medium
10 | Argument | xxxxx_xxxx | predictive | Medium
11 | Argument | xxx_xxxxxxxxx | predictive | High
12 | Argument | xxx_xxxxx | predictive | Medium
13 | Argument | xxxxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
