Mofang Analysis

IOB - Indicator of Behavior (243)

Language

en: 208
de: 16
zh: 12
es: 4
pl: 2

Country/Region

us: 160
cn: 46
at: 8
ru: 4
tk: 4

Product

Microsoft Windows: 20
Palo Alto PAN-OS: 16
Linux Kernel: 10
Apache HTTP Server: 6
WordPress: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93545 | 0.04 | CVE-2023-47246 |
| 3 | Aruba InstantOS/ArubaOS PAPI Protocol memory corruption | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00557 | 0.00 | CVE-2022-37889 |
| 4 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572 |
| 5 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.05 | CVE-2018-8715 |
| 6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.07 | CVE-2023-24835 |
| 8 | Mastodon Media File directory traversal | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00408 | 0.00 | CVE-2023-36460 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966 |
| 10 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2020-11878 |
| 11 | Microsoft Windows Delivery Optimization Service privilege escalation | 8.1 | 7.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2020-1392 |
| 12 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 13 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 14 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.00 | CVE-2015-8794 |
| 15 | phpMyAdmin Designer SQL injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.04 | CVE-2019-6798 |
| 16 | Palo Alto PAN-OS Web Interface Privilege Escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2020-1975 |
| 17 | Palo Alto PAN-OS privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-17437 |
| 18 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00995 | 0.04 | CVE-2011-1571 |
| 19 | Devana profile_view.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00292 | 0.00 | CVE-2010-2673 |
| 20 | Zhong Bang CRMEB SystemAttachmentServices.php videoUpload privilege escalation | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.22 | CVE-2023-2419 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | |
| 2 | File | /admin/index.php | predictive | |
| 3 | File | /api/wechat/app_auth | predictive | |
| 4 | File | /cgi-mod/lookup.cgi | predictive | |
| 5 | File | /getcfg.php | predictive | |
| 6 | File | /ipms/imageConvert/image | predictive | |
| 7 | File | /message/ajax/send/ | predictive | |
| 8 | File | /proc/self/environ | predictive | |
| 9 | File | /sitecore/client/Applications/List Manager/Taskpages/Contact list | predictive | |
| 10 | File | /v2/customerdb/operator.svc/a | predictive | |
| 11 | File | add_comment.php | predictive | |
| 12 | File | app/controllers/application_controller.rb | predictive | |
| 13 | File | application\api\controller\User.php | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
