pymafka Analysis

IOB - Indicator of Behavior (42)

Timeline

Language

zh: 22
en: 20

Country/Region

cn: 40

Product

Linux Kernel: 8
Microsoft IIS: 4
dedecmdv6: 4
SpringSource Spring Framework: 2
Tombstone smNews: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel IPv6 ipv6_renew_options denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-3524 |
| 2 | Plone lxml Parser privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00178 | 0.00 | CVE-2021-33511 |
| 3 | SpringSource Spring Framework class.classLoader.URLs[0]=jar privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03641 | 0.05 | CVE-2010-1622 |
| 4 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.03 | |
| 5 | Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg information disclosure | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2021-27364 |
| 6 | jQuery cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.06 | CVE-2020-23064 |
| 7 | Easy Bootstrap Shortcode Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.02 | CVE-2022-4576 |
| 8 | Sophos Web Appliance Warn-proceed privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96791 | 0.03 | CVE-2023-1671 |
| 9 | Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00311 | 0.06 | CVE-2023-0210 |
| 10 | Linux Kernel fs-writeback.c inode_cgwb_move_to_attached memory corruption | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.04 | CVE-2023-26605 |
| 11 | Linux Kernel bitmap.c ntfs_trim_fs memory corruption | 6.6 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.02 | CVE-2023-26606 |
| 12 | Linux Kernel attrib.c ntfs_attr_find information disclosure | 6.3 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.02 | CVE-2023-26607 |
| 13 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 14 | dedecmdv6 file_manage_control.php privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00397 | 0.00 | CVE-2022-44118 |
| 15 | dedecmdv6 sys_sql_query.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.02 | CVE-2022-44120 |
| 16 | Microsoft Windows Graphics privilege escalation | 8.1 | 7.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.82513 | 0.04 | CVE-2023-21823 |
| 17 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.03 | CVE-2021-29099 |
| 18 | RealNetworks RealPlayer G2 Control cross site scripting | 3.5 | 3.4 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00373 | 0.00 | CVE-2022-32269 |
| 19 | Microsoft Windows Common Log File System Driver privilege escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-43226 |
| 20 | Google Chrome Animation memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.07058 | 0.06 | CVE-2022-0609 |

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges; Exploitability and Remediation are the CVSS temporal exploit-code-maturity and remediation-level values; EPSS is the exploit prediction score.

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Activity | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 39.106.227.92 | | pymafka | | 2022-07-30 | | verified |
| 2 | XX.XXX.XXX.XXX | | xxxxxx | | 2022-07-30 | | verified |
| 3 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | 2022-07-30 | | verified |

Masked entries (shown as X/x) are redacted on the source page and are left as they appear.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | auth.c | predictive | |
| 2 | File | class.classLoader.URLs[0]=jar | predictive | |
| 3 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive | |
| 4 | File | xxxx_xxxxxx_xxxxxxx.xxx | predictive | |
| 5 | File | xx/xx-xxxxxxxxx.x | predictive | |
| 6 | File | xx/xxxx/xxxxxx.x | predictive | |
| 7 | File | xx/xxxxx/xxxxxx.x | predictive | |
| 8 | File | xxxxx.xxx | predictive | |
| 9 | File | xxx_xxx_xxxxx.xxx | predictive | |
| 10 | Library | xxxxxx.xxx | predictive | |
| 11 | Argument | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | |
| 12 | Argument | xx_xxx | predictive | |
| 13 | Argument | xxxxxxxx | predictive | |

Masked indicators (shown as x) are redacted on the source page and are left as they appear.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
