Mofang Analysis

IOB - Indicator of Behavior (245)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 212
de: 12
zh: 10
es: 4
sv: 2

Product

Microsoft Windows: 14
RoundCube: 8
Linux Kernel: 6
WordPress: 6
Exim: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | SysAid On-Premise path traversal | 8.4 | 8.3 | $0-$5k | $0-$5k | High | Official Fix | 0.95121 | 0.07 | CVE-2023-47246 |
| 3 | Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00557 | 0.00 | CVE-2022-37889 |
| 4 | PAN-OS improper authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.00 | CVE-2019-1572 |
| 5 | EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.05 | CVE-2018-8715 |
| 6 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 7 | RoundCube DBMail Driver injection | 8.8 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00309 | 0.00 | CVE-2015-2180 |
| 8 | Softnext SPAM SQR code injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.05 | CVE-2023-24835 |
| 9 | Mastodon Media File path traversal | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00421 | 0.00 | CVE-2023-36460 |
| 10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966 |
| 11 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878 |
| 12 | Microsoft Windows Delivery Optimization Service privileges management | 8.1 | 7.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2020-1392 |
| 13 | Palo Alto PAN-OS cleartext transmission | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 14 | Palo Alto PAN-OS Maintenance Mode config | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 15 | RoundCube Contact Photo photo.inc Absolute path traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.00 | CVE-2015-8794 |
| 16 | phpMyAdmin Designer sql injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00157 | 0.00 | CVE-2019-6798 |
| 17 | Palo Alto PAN-OS Web Interface xml validation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2020-1975 |
| 18 | Palo Alto PAN-OS insufficient permissions or privileges | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2019-17437 |
| 19 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00995 | 0.04 | CVE-2011-1571 |
| 20 | Devana profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00292 | 0.00 | CVE-2010-2673 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /admin/index.php | predictive | High |
| 3 | File | /api/wechat/app_auth | predictive | High |
| 4 | File | /cgi-mod/lookup.cgi | predictive | High |
| 5 | File | /getcfg.php | predictive | Medium |
| 6 | File | /ipms/imageConvert/image | predictive | High |
| 7 | File | /message/ajax/send/ | predictive | High |
| 8 | File | /proc/self/environ | predictive | High |
| 9 | File | /sitecore/client/Applications/List Manager/Taskpages/Contact list | predictive | High |
| 10 | File | /v2/customerdb/operator.svc/a | predictive | High |
| 11 | File | add_comment.php | predictive | High |
| 12 | File | app/controllers/application_controller.rb | predictive | High |
| 13 | File | application\api\controller\User.php | predictive | High |
