pymafka Analysis

IOB - Indicator of Behavior (42)

Timeline (chart not extracted)

Language: zh 22, en 20

Country: cn 40

Actors, Activities, Interest, Timeline, Type, Vendor (charts not extracted)

Product: Linux Kernel 8, Microsoft Windows 6, Google Android 4, Google Chrome 4, Host 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Linux Kernel IPv6 ipv6_renew_options denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.00042 | CVE-2022-3524
2 | Plone lxml Parser privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00178 | CVE-2021-33511
3 | SpringSource Spring Framework class.classLoader.URLs[0]=jar privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.04262 | CVE-2010-1622
4 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.00000 | (none listed)
5 | Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg information disclosure | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2021-27364
6 | jQuery cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00140 | CVE-2020-23064
7 | Easy Bootstrap Shortcode Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00056 | CVE-2022-4576
8 | Sophos Web Appliance Warn-proceed privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.96156 | CVE-2023-1671
9 | Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00178 | CVE-2023-0210
10 | Linux Kernel fs-writeback.c inode_cgwb_move_to_attached memory corruption | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00043 | CVE-2023-26605
11 | Linux Kernel bitmap.c ntfs_trim_fs memory corruption | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00043 | CVE-2023-26606
12 | Linux Kernel attrib.c ntfs_attr_find information disclosure | 6.3 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00043 | CVE-2023-26607
13 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00467 | CVE-2022-21664
14 | dedecmdv6 file_manage_control.php Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00397 | CVE-2022-44118
15 | dedecmdv6 sys_sql_query.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00120 | CVE-2022-44120
16 | Microsoft Windows Graphics Privilege Escalation | 8.1 | 7.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04 | 0.82859 | CVE-2023-21823
17 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00073 | CVE-2021-29099
18 | RealNetworks RealPlayer G2 Control cross site scripting | 3.5 | 3.4 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00373 | CVE-2022-32269
19 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00043 | CVE-2021-43226
20 | Google Chrome Animation memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.02 | 0.05681 | CVE-2022-0609

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 39.106.227.92 | | pymafka | | 30/07/2022 | verified | High
2 | XX.XXX.XXX.XXX | | xxxxxx | | 30/07/2022 | verified | High
3 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | 30/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | auth.c | predictive | Low
2 | File | class.classLoader.URLs[0]=jar | predictive | High
3 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive | High
4 | File | xxxx_xxxxxx_xxxxxxx.xxx | predictive | High
5 | File | xx/xx-xxxxxxxxx.x | predictive | High
6 | File | xx/xxxx/xxxxxx.x | predictive | High
7 | File | xx/xxxxx/xxxxxx.x | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxx_xxx_xxxxx.xxx | predictive | High
10 | Library | xxxxxx.xxx | predictive | Medium
11 | Argument | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High
12 | Argument | xx_xxx | predictive | Low
13 | Argument | xxxxxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
