MalKamak Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Lang

en	20
zh	2

Land

cn	18
us	2

Skådespelare

MalKamak	2

Intressera

Typ

Not Defined	12
Operating System	4
Smartphone Operating System	4
SSH Server Software	2

Säljare

Microsoft	4
Not Defined	4
Google	4
Wind River	2
Crosstec	2

Produkt

Microsoft Windows	4
Google Android	4
Wind River VxWorks	2
Crosstec NetOp School	2
spice-vdagentd	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	WP Super Cache Plugin Cache Settings wp-cache-config.php privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2021-24209
2	Microsoft Windows Terminal Services/Citrix Server svag autentisering	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
3	Microsoft Windows Remote Desktop mstlsapi.dll svag autentisering	6.5	6.2	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01760	0.08	CVE-2005-1794
4	Apache HTTP Server Inbound Connection privilegier eskalering	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01559	0.04	CVE-2022-22720
5	Apache Dubbo privilegier eskalering	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01134	0.00	CVE-2022-39198
6	Google Android Layout.java getOffsetForHorizontal privilegier eskalering	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.03	CVE-2018-9452
7	Google Android PackageItemInfo.java loadLabel förnekande av tjänsten	6.0	5.9	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-0651
8	Wind River VxWorks TCP minneskorruption	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.94036	0.03	CVE-2019-12255
9	spice-vdagentd File Transfer spice-vdagent-sock förnekande av tjänsten	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.00	CVE-2020-25650
10	Foxit Reader/PhantomPDF FXSYS_wcslen förnekande av tjänsten	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-20829
11	Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi privilegier eskalering	7.5	6.8	$0-$5k	$0-$5k	High	Temporary Fix	0.69689	0.00	CVE-2013-4615
12	snapd snap-confine tmp privilegier eskalering	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00470	0.00	CVE-2019-11502
13	Facebook WhatsApp MP4 File minneskorruption	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2019-11931
14	Microsoft Windows File Signature Validation svag autentisering	5.7	5.2	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.00131	0.00	CVE-2020-16922
15	Pivotal Spring Framework Read kataloggenomgång	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00301	0.02	CVE-2014-3578
16	Watchguard Fireware AD Helper list Password svag kryptering	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01503	0.00	CVE-2020-10532
17	Dropbear SSH Shell Command Restriction privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02835	0.04	CVE-2016-3116
18	NetCommWireless HSPA 3G10WVE ping.cgi privilegier eskalering	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01660	0.00	CVE-2015-6024
19	NetCommWireless HSPA 3G10WVE ping.cgi privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00825	0.00	CVE-2015-6023
20	Adcon Telemetry A850 Telemetry Gateway Base Station Web Interface cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00084	0.00	CVE-2016-2274

Kampanjer (1)

These are the campaigns that can be associated with the actor:

GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	50.116.17.41	li601-41.members.linode.com	MalKamak	GhostShell	08/10/2021	verified	Hög
2	XXX.XXX.XXX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	Xxxxxxxxxx	08/10/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1059	CWE-94	Argument Injection	predictive	Hög
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/domains/list	predictive	Hög
2	File	/run/spice-vdagentd/spice-vdagent-sock	predictive	Hög
3	File	/xxx	predictive	Låg
4	File	xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx	predictive	Hög
5	File	xxxxxx.xxxx	predictive	Medium
6	File	xxxxxxxxxxxxxxx.xxxx	predictive	Hög
7	File	xxxx.xxx	predictive	Medium
8	File	xx-xxxxx-xxxxxx.xxx	predictive	Hög
9	Library	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxxx_xxxx	predictive	Medium
11	Argument	xxx_xxxxxxxxx	predictive	Hög
12	Argument	xxx_xxxxx	predictive	Medium
13	Argument	xxxxxxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!