MalKamak تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

اللغة

en	20
zh	2

البلد

cn	20
us	2

الفاعلين

MalKamak	1

الاهتمام

النوع

Not Defined	12
Operating System	4
Web Server	2
Smartphone Operating System	2
Social Network Software	2

المجهز

Microsoft	4
Not Defined	4
Apache	2
Crosstec	2
Canon	2

منتج

Microsoft Windows	4
Apache HTTP Server	2
Crosstec NetOp School	2
Canon MX340	2
Canon MP495	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	WP Super Cache Plugin Cache Settings wp-cache-config.php تجاوز الصلاحيات	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00097	CVE-2021-24209
2	Microsoft Windows Terminal Services/Citrix Server توثيق ضعيف	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.00000
3	Microsoft Windows Remote Desktop mstlsapi.dll توثيق ضعيف	6.5	6.2	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.01760	CVE-2005-1794
4	Apache HTTP Server Inbound Connection تجاوز الصلاحيات	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03	0.01559	CVE-2022-22720
5	Apache Dubbo تجاوز الصلاحيات	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.01134	CVE-2022-39198
6	Google Android Layout.java getOffsetForHorizontal تجاوز الصلاحيات	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00277	CVE-2018-9452
7	Google Android PackageItemInfo.java loadLabel الحرمان من الخدمة	6.0	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00044	CVE-2021-0651
8	Wind River VxWorks TCP تلف الذاكرة	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.94115	CVE-2019-12255
9	spice-vdagentd File Transfer spice-vdagent-sock الحرمان من الخدمة	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00056	CVE-2020-25650
10	Foxit Reader/PhantomPDF FXSYS_wcslen الحرمان من الخدمة	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-20829
11	Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi تجاوز الصلاحيات	7.5	6.8	$0-$5k	$0-$5k	High	Temporary Fix	0.00	0.69689	CVE-2013-4615
12	snapd snap-confine tmp تجاوز الصلاحيات	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00391	CVE-2019-11502
13	Facebook WhatsApp MP4 File تلف الذاكرة	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00078	CVE-2019-11931
14	Microsoft Windows File Signature Validation توثيق ضعيف	5.7	5.2	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.02	0.00131	CVE-2020-16922
15	Pivotal Spring Framework Read اجتياز الدليل	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00301	CVE-2014-3578
16	Watchguard Fireware AD Helper list Password تشفير ضعيف	6.4	6.1	$0-$5k	جاري الحساب	Not Defined	Official Fix	0.00	0.01503	CVE-2020-10532
17	Dropbear SSH Shell Command Restriction تجاوز الصلاحيات	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.02835	CVE-2016-3116
18	NetCommWireless HSPA 3G10WVE ping.cgi تجاوز الصلاحيات	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01660	CVE-2015-6024
19	NetCommWireless HSPA 3G10WVE ping.cgi تجاوز الصلاحيات	7.3	6.6	$0-$5k	جاري الحساب	Proof-of-Concept	Official Fix	0.00	0.00825	CVE-2015-6023
20	Adcon Telemetry A850 Telemetry Gateway Base Station Web Interface سكربتات مشتركة	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00084	CVE-2016-2274

حملات (1)

These are the campaigns that can be associated with the actor:

GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	50.116.17.41	li601-41.members.linode.com	MalKamak	GhostShell	08/10/2021	verified	عالي
2	XXX.XXX.XXX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	Xxxxxxxxxx	08/10/2021	verified	عالي

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1059	CWE-94	Argument Injection	predictive	عالي
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/domains/list	predictive	عالي
2	File	/run/spice-vdagentd/spice-vdagent-sock	predictive	عالي
3	File	/xxx	predictive	واطئ
4	File	xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx	predictive	عالي
5	File	xxxxxx.xxxx	predictive	متوسط
6	File	xxxxxxxxxxxxxxx.xxxx	predictive	عالي
7	File	xxxx.xxx	predictive	متوسط
8	File	xx-xxxxx-xxxxxx.xxx	predictive	عالي
9	Library	xxxxxxxx.xxx	predictive	متوسط
10	Argument	xxxxx_xxxx	predictive	متوسط
11	Argument	xxx_xxxxxxxxx	predictive	عالي
12	Argument	xxx_xxxxx	predictive	متوسط
13	Argument	xxxxxxx	predictive	واطئ

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!