pymafka Analysis

IOB - Indicator of Behavior (43)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 26
zh: 16
ko: 2

Product

Microsoft Windows: 6
Linux Kernel: 6
Microsoft IIS: 4
Google Chrome: 4
RealNetworks RealPlayer: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel IPv6 ipv6_renew_options memory leak | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.08 | CVE-2022-3524 |
| 2 | Plone lxml Parser server-side request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00178 | 0.05 | CVE-2021-33511 |
| 3 | SpringSource Spring Framework class.classLoader.URLs[0] code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.05 | CVE-2010-1622 |
| 4 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 5 | Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg out-of-bounds | 6.3 | 6.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2021-27364 |
| 6 | Array Networks Array AG/vxAG SSL VPN Gateway improper authentication | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00321 | 0.05 | CVE-2023-28461 |
| 7 | jQuery cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.09 | CVE-2020-23064 |
| 8 | Easy Bootstrap Shortcode Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-4576 |
| 9 | Sophos Web Appliance Warn-proceed command injection | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.96222 | 0.03 | CVE-2023-1671 |
| 10 | Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00467 | 0.04 | CVE-2023-0210 |
| 11 | Linux Kernel fs-writeback.c inode_cgwb_move_to_attached use after free | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.00 | CVE-2023-26605 |
| 12 | Linux Kernel bitmap.c ntfs_trim_fs use after free | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.00 | CVE-2023-26606 |
| 13 | Linux Kernel attrib.c ntfs_attr_find out-of-bounds | 6.3 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.03 | CVE-2023-26607 |
| 14 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.04 | CVE-2022-21664 |
| 15 | dedecmdv6 file_manage_control.php Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00468 | 0.00 | CVE-2022-44118 |
| 16 | dedecmdv6 sys_sql_query.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.00 | CVE-2022-44120 |
| 17 | Microsoft Windows Graphics integer overflow | 8.1 | 7.9 | $100k and more | $25k-$100k | High | Official Fix | 0.55161 | 0.00 | CVE-2023-21823 |
| 18 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.04 | CVE-2021-29099 |
| 19 | RealNetworks RealPlayer G2 Control cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00373 | 0.00 | CVE-2022-32269 |
| 20 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-43226 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 39.106.227.92 | | pymafka | | 07/30/2022 | verified | Medium |
| 2 | XX.XXX.XXX.XXX | | xxxxxx | | 07/30/2022 | verified | Medium |
| 3 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | 07/30/2022 | verified | Low |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | auth.c | predictive | Low |
| 2 | File | class.classLoader.URLs[0]=jar | predictive | High |
| 3 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive | High |
| 4 | File | xxxx_xxxxxx_xxxxxxx.xxx | predictive | High |
| 5 | File | xx/xx-xxxxxxxxx.x | predictive | High |
| 6 | File | xx/xxxx/xxxxxx.x | predictive | High |
| 7 | File | xx/xxxxx/xxxxxx.x | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxx_xxx_xxxxx.xxx | predictive | High |
| 10 | Library | xxxxxx.xxx | predictive | Medium |
| 11 | Argument | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High |
| 12 | Argument | xx_xxx | predictive | Low |
| 13 | Argument | xxxxxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
