MalKamak Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	20
zh	2

Country

cn	18
us	2

Actors

MalKamak	2

Activities

Interest

Timeline

Type

Not Defined	14
Web Server	2
Operating System	2
WordPress Plugin	2
SSH Server Software	2

Vendor

Not Defined	6
Apache	4
NetCommWireless	2
Watchguard	2
Microsoft	2

Product

NetCommWireless HSPA 3G10WVE	2
Watchguard Fireware	2
Apache HTTP Server	2
snapd	2
Microsoft Windows	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	WP Super Cache Plugin Cache Settings wp-cache-config.php code injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2021-24209
2	Microsoft Windows Terminal Services/Citrix Server improper authentication	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.05
3	Microsoft Windows Remote Desktop mstlsapi.dll improper authentication	6.5	6.2	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01760	0.03	CVE-2005-1794
4	Apache HTTP Server Inbound Connection request smuggling	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01192	0.04	CVE-2022-22720
5	Apache Dubbo deserialization	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01134	0.00	CVE-2022-39198
6	Google Android Layout.java getOffsetForHorizontal input validation	4.7	4.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00277	0.03	CVE-2018-9452
7	Google Android PackageItemInfo.java loadLabel denial of service	6.0	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-0651
8	Wind River VxWorks TCP memory corruption	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93678	0.03	CVE-2019-12255
9	spice-vdagentd File Transfer spice-vdagent-sock allocation of resources	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.00	CVE-2020-25650
10	Foxit Reader/PhantomPDF FXSYS_wcslen null pointer dereference	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-20829
11	Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 HTTP Request cgi_lan.cgi input validation	7.5	6.8	$0-$5k	$0-$5k	High	Temporary Fix	0.70193	0.00	CVE-2013-4615
12	snapd snap-confine tmp link following	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00470	0.00	CVE-2019-11502
13	Facebook WhatsApp MP4 File stack-based overflow	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00085	0.07	CVE-2019-11931
14	Microsoft Windows File Signature Validation signature verification	5.7	5.2	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.00131	0.00	CVE-2020-16922
15	Pivotal Spring Framework Read path traversal	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00301	0.02	CVE-2014-3578
16	Watchguard Fireware AD Helper list Password cleartext storage	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02027	0.00	CVE-2020-10532
17	Dropbear SSH Shell Command Restriction crlf injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02835	0.04	CVE-2016-3116
18	NetCommWireless HSPA 3G10WVE ping.cgi command injection	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01660	0.00	CVE-2015-6024
19	NetCommWireless HSPA 3G10WVE ping.cgi access control	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00825	0.00	CVE-2015-6023
20	Adcon Telemetry A850 Telemetry Gateway Base Station Web Interface cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00084	0.00	CVE-2016-2274

Campaigns (1)

These are the campaigns that can be associated with the actor:

GhostShell

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	50.116.17.41	li601-41.members.linode.com	MalKamak	GhostShell	10/08/2021	verified	High
2	XXX.XXX.XXX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	Xxxxxxxxxx	10/08/2021	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/domains/list	predictive	High
2	File	/run/spice-vdagentd/spice-vdagent-sock	predictive	High
3	File	/xxx	predictive	Low
4	File	xxxxxxx/xxxxx_xxxxx/xxx_xxx.xxx	predictive	High
5	File	xxxxxx.xxxx	predictive	Medium
6	File	xxxxxxxxxxxxxxx.xxxx	predictive	High
7	File	xxxx.xxx	predictive	Medium
8	File	xx-xxxxx-xxxxxx.xxx	predictive	High
9	Library	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxxx_xxxx	predictive	Medium
11	Argument	xxx_xxxxxxxxx	predictive	High
12	Argument	xxx_xxxxx	predictive	Medium
13	Argument	xxxxxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!