pymafka Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (42)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	22
zh	18
ko	2

Country

cn	40

Actors

pymafka	1
Cobalt Strike	1

Activities

Interest

Timeline

Type

Not Defined	12
Web Browser	8
Operating System	8
Smartphone Operating System	2
WordPress Plugin	2

Vendor

Not Defined	12
Google	10
Linux	8
X.org	2
Microsoft	2

Product

Google Chrome	8
Linux Kernel	8
Host	2
Google Android	2
Easy Bootstrap Shortcode Plugin	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Linux Kernel IPv6 ipv6_renew_options memory leak	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-3524
2	Plone lxml Parser server-side request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00178	0.00	CVE-2021-33511
3	SpringSource Spring Framework class.classLoader.URLs[0]=jar code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03641	0.04	CVE-2010-1622
4	Microsoft Windows win32k.sys xxxMenuWindowProc denial of service	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.03
5	Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg out-of-bounds	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00088	0.00	CVE-2021-27364
6	jQuery cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00135	0.26	CVE-2020-23064
7	Easy Bootstrap Shortcode Plugin Shortcode Attribute cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.02	CVE-2022-4576
8	Sophos Web Appliance Warn-proceed command injection	9.8	9.6	$0-$5k	$0-$5k	High	Official Fix	0.96886	0.00	CVE-2023-1671
9	Linux Kernel ksmbd auth.c ksmbd_decode_ntlmssp_auth_blob memory corruption	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00374	0.04	CVE-2023-0210
10	Linux Kernel fs-writeback.c inode_cgwb_move_to_attached use after free	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2023-26605
11	Linux Kernel bitmap.c ntfs_trim_fs use after free	6.6	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2023-26606
12	Linux Kernel attrib.c ntfs_attr_find out-of-bounds	6.3	6.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-2023-26607
13	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.07	CVE-2022-21664
14	dedecmdv6 file_manage_control.php Privilege Escalation	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00390	0.00	CVE-2022-44118
15	dedecmdv6 sys_sql_query.php sql injection	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00137	0.02	CVE-2022-44120
16	Microsoft Windows Graphics Privilege Escalation	8.1	7.9	$25k-$100k	$5k-$25k	High	Official Fix	0.74737	0.08	CVE-2023-21823
17	ArcGIS Server sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.04	CVE-2021-29099
18	RealNetworks RealPlayer G2 Control cross site scripting	3.5	3.4	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00373	0.00	CVE-2022-32269
19	Microsoft Windows Common Log File System Driver Privilege Escalation	8.3	7.3	$100k and more	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2021-43226
20	Google Chrome Animation use after free	6.3	6.0	$25k-$100k	$5k-$25k	High	Official Fix	0.07058	0.07	CVE-2022-0609

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	39.106.227.92		pymafka	07/30/2022	verified	High
2	XX.XXX.XXX.XX		Xxxxxxx	07/30/2022	verified	High
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	07/30/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	auth.c	predictive	Low
2	File	class.classLoader.URLs[0]=jar	predictive	High
3	File	xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x	predictive	High
4	File	xxxx_xxxxxx_xxxxxxx.xxx	predictive	High
5	File	xx/xx-xxxxxxxxx.x	predictive	High
6	File	xx/xxxx/xxxxxx.x	predictive	High
7	File	xx/xxxxx/xxxxxx.x	predictive	High
8	File	xxxxx.xxx	predictive	Medium
9	File	xxx_xxx_xxxxx.xxx	predictive	High
10	Library	xxxxxx.xxx	predictive	Medium
11	Argument	xxxxx.xxxxxxxxxxx.xxxx[x]=xxx	predictive	High
12	Argument	xx_xxx	predictive	Low
13	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!