pymafka Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	24
en	16

Country

cn	40

Actors

pymafka	1
Cobalt Strike	1

Activities

Interest

Timeline

Type

Operating System	10
Not Defined	6
Web Browser	4
Content Management System	4
Windowing System Software	2

Vendor

Not Defined	12
Linux	6
Google	6
Microsoft	4
X.org	2

Product

Linux Kernel	6
Google Chrome	4
Microsoft Windows	4
runc	2
X.org X11 Server	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Linux Kernel IPv6 ipv6_renew_options memory leak	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-3524
2	Plone lxml Parser server-side request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00158	CVE-2021-33511
3	SpringSource Spring Framework class.classLoader.URLs[0]=jar code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.04262	CVE-2010-1622
4	Microsoft Windows win32k.sys xxxMenuWindowProc denial of service	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.00000
5	Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg out-of-bounds	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00088	CVE-2021-27364
6	Sophos Web Appliance Warn-proceed command injection	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.36262	CVE-2023-1671
7	Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob memory corruption	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00159	CVE-2023-0210
8	Linux Kernel fs-writeback.c inode_cgwb_move_to_attached use after free	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00043	CVE-2023-26605
9	Linux Kernel bitmap.c ntfs_trim_fs use after free	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00043	CVE-2023-26606
10	Linux Kernel attrib.c ntfs_attr_find out-of-bounds	6.3	6.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00043	CVE-2023-26607
11	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09	0.00653	CVE-2022-21664
12	dedecmdv6 file_manage_control.php Privilege Escalation	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00253	CVE-2022-44118
13	dedecmdv6 sys_sql_query.php sql injection	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00076	CVE-2022-44120
14	Microsoft Windows Graphics Privilege Escalation	8.1	7.9	$25k-$100k	$5k-$25k	High	Official Fix	0.07	0.95004	CVE-2023-21823
15	ArcGIS Server sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00072	CVE-2021-29099
16	RealNetworks RealPlayer G2 Control cross site scripting	3.5	3.4	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00	0.00341	CVE-2022-32269
17	Microsoft Windows Common Log File System Driver Privilege Escalation	8.3	7.3	$100k and more	$5k-$25k	Unproven	Official Fix	0.03	0.00043	CVE-2021-43226
18	Google Chrome Animation use after free	6.3	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.02	0.04586	CVE-2022-0609
19	Google Chrome V8 type confusion	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.06	0.96969	CVE-2021-21224
20	Google Chrome GPU use after free	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03	0.00358	CVE-2021-30573

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	39.106.227.92		pymafka	07/30/2022	verified	High
2	XX.XXX.XXX.XX		Xxxxxxx	07/30/2022	verified	High
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	07/30/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CWE-94	Cross Site Scripting	predictive	High
2	T1059.007	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
4	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	auth.c	predictive	Low
2	File	class.classLoader.URLs[0]=jar	predictive	High
3	File	xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x	predictive	High
4	File	xxxx_xxxxxx_xxxxxxx.xxx	predictive	High
5	File	xx/xx-xxxxxxxxx.x	predictive	High
6	File	xx/xxxx/xxxxxx.x	predictive	High
7	File	xx/xxxxx/xxxxxx.x	predictive	High
8	File	xxxxx.xxx	predictive	Medium
9	File	xxx_xxx_xxxxx.xxx	predictive	High
10	Library	xxxxxx.xxx	predictive	Medium
11	Argument	xxxxx.xxxxxxxxxxx.xxxx[x]=xxx	predictive	High
12	Argument	xx_xxx	predictive	Low
13	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!