Mofang Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (239)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en208
zh12
de10
ru4
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us174
cn46
tk4
at4
br2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mofang10
Cobalt Strike2
BlackTechq1
TrickBot1
MsraMiner1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined64
Operating System24
Firewall Software16
WordPress Plugin10
Content Management System10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined70
Microsoft24
Palo Alto12
Linux8
Apache8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows14
Palo Alto PAN-OS12
Linux Kernel8
WordPress6
OpenSSH6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2SysAid On-Premise path traversal7.67.5$0-$5kCalculatingHighOfficial Fix0.050.94027CVE-2023-47246
3Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00503CVE-2022-37889
4PAN-OS improper authentication7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00368CVE-2019-1572
5EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication7.77.5$0-$5k$0-$5kHighOfficial Fix0.040.00927CVE-2018-8715
6RoundCube Webmail rcube_plugin_api.php path traversal8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01163CVE-2020-12640
7Softnext SPAM SQR code injection7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.020.00143CVE-2023-24835
8Mastodon Media File path traversal8.17.9$0-$5kCalculatingNot DefinedOfficial Fix0.030.00408CVE-2023-36460
9DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.790.00943CVE-2010-0966
10Jitsi Meet hard-coded credentials8.57.9$0-$5k$0-$5kNot DefinedNot Defined0.080.00196CVE-2020-11878
11Microsoft Windows Delivery Optimization Service privileges management8.17.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00043CVE-2020-1392
12Palo Alto PAN-OS cleartext transmission5.85.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00199CVE-2020-2013
13Palo Alto PAN-OS Maintenance Mode config6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00206CVE-2020-2041
14RoundCube Contact Photo photo.inc Absolute path traversal6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00178CVE-2015-8794
15phpMyAdmin Designer sql injection8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00164CVE-2019-6798
16Palo Alto PAN-OS Web Interface xml validation6.66.5$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00104CVE-2020-1975
17Palo Alto PAN-OS insufficient permissions or privileges7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00044CVE-2019-17437
18Liferay Portal privileges management9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.00474CVE-2011-1571
19Devana profile_view.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00122CVE-2010-2673
20ArmorX Spam sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00155CVE-2023-48384

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
122.2.0.31Mofang12/23/2020verifiedHigh
223.89.200.128Mofang12/18/2020verifiedHigh
323.89.201.173Mofang12/18/2020verifiedHigh
438.109.190.55lauras-creative-catering.comMofang12/18/2020verifiedHigh
549.213.18.15Mofang12/18/2020verifiedHigh
6XX.XXX.XX.XXXxxxxx12/18/2020verifiedHigh
7XX.XXX.XX.XXXxxxxx12/18/2020verifiedHigh
8XX.XXX.XX.XXXxxxxx12/18/2020verifiedHigh
9XXX.XX.XX.XXXXxxxxx12/18/2020verifiedHigh
10XXX.XXX.XXX.XXxxxxx12/18/2020verifiedHigh
11XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxx.xxxXxxxxx12/18/2020verifiedMedium
12XXX.XXX.XXX.XXXxxxxx12/18/2020verifiedHigh
13XXX.XXX.XXX.XXXxxxxx12/18/2020verifiedHigh
14XXX.XXX.XXX.XXXxxxxx12/18/2020verifiedHigh
15XXX.XXX.XXX.XXXXxxxxx12/18/2020verifiedHigh
16XXX.XXX.XXX.XXXXxxxxx12/18/2020verifiedHigh
17XXX.XXX.XXX.XXXXxxxxx12/18/2020verifiedHigh
18XXX.XX.XX.XXXxxxxx12/18/2020verifiedHigh
19XXX.XXX.XX.XXxx.xx.xxx.xxx.xx-xxxx.xxxxXxxxxx12/18/2020verifiedHigh
20XXX.XX.XXX.XXXxxxxxx.xxxxxxxxxxx.xxxXxxxxx12/18/2020verifiedHigh
21XXX.XXX.XX.XXXxxx.xx.xxx.xxx.xx-xxxx.xxxxXxxxxx12/18/2020verifiedHigh
22XXX.XXX.XX.XXxx.xx.xxx.xxx.xx-xxxx.xxxxXxxxxx12/18/2020verifiedHigh
23XXX.XXX.XXX.XXXXxxxxx12/18/2020verifiedHigh
24XXX.XX.XXX.Xxxx-xx-xxx-x.xxxxxxxxx.xxxXxxxxx12/18/2020verifiedHigh
25XXX.XXX.XX.XXxxxxx.xxXxxxxx12/18/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1040CWE-294, CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.htaccesspredictiveMedium
2File/admin/index.phppredictiveHigh
3File/cgi-mod/lookup.cgipredictiveHigh
4File/getcfg.phppredictiveMedium
5File/ipms/imageConvert/imagepredictiveHigh
6File/message/ajax/send/predictiveHigh
7File/proc/self/environpredictiveHigh
8File/sitecore/client/Applications/List Manager/Taskpages/Contact listpredictiveHigh
9File/v2/customerdb/operator.svc/apredictiveHigh
10Fileadd_comment.phppredictiveHigh
11Fileapp/controllers/application_controller.rbpredictiveHigh
12Fileapplication\api\controller\User.phppredictiveHigh
13Fileblog.phppredictiveMedium
14Filexxxxxxxx.xxxpredictiveMedium
15Filexxxxxxx/xxxxxxxxxx/xxxxxxxxx/xxxxx.xxxpredictiveHigh
16Filexxxxxxx_xxxxxxxx_xxxxx.xxxpredictiveHigh
17Filexxxxxxxxxx.xxxpredictiveHigh
18Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxx/xxxxpredictiveMedium
20Filexxxx/xxxxx.xxxpredictiveHigh
21Filexxxx/xxxxxxx.xxxpredictiveHigh
22Filexxxxxx/xxxpredictiveMedium
23Filexxxxxxx/xxxx/xxxx_xxxxxxxx.xpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxx.xxxpredictiveMedium
26Filexxxxx.xxpredictiveMedium
27Filexxxx_xxxxx.xxxpredictiveHigh
28Filexx/xxxxxx_xxx.xpredictiveHigh
29Filexx/xxxx/xxx.xpredictiveHigh
30Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
31Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
32Filexxx/xxxxxx.xxxpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxxx.xxxpredictiveMedium
35Filexxxxxx/xxxxx/xxxxxxxx.xpredictiveHigh
36Filexxxxx.xxxxpredictiveMedium
37Filexxxxxx/xxxxx.xxxpredictiveHigh
38Filexxxxxxxx.xxxpredictiveMedium
39Filexxxxx_xxxxxxx.xxxpredictiveHigh
40Filexxxxxxxxxx.xxx.xxxpredictiveHigh
41Filexxxxx_xxxxxx.xxxpredictiveHigh
42Filexxxxxxx_xxxx.xxxpredictiveHigh
43Filexxxxxxx/xxxxxxx/xxxxxx.xxxpredictiveHigh
44Filexxxxxxx/xxxxxxx/xxxxxx_xxxxxx_xxxx.xxxpredictiveHigh
45Filexxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxxpredictiveHigh
46Filexxxxx_xxxxxx_xxx.xxxpredictiveHigh
47Filexxxxxxxx.xxxpredictiveMedium
48Filexxxxxxxx.xxxpredictiveMedium
49Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
50Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
51Filexxxxxxxxxxxx.xxxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxx.xpredictiveMedium
53Filexxxxxxxxxxxx.xxxpredictiveHigh
54Filexxxxx/xxxxx.xxxpredictiveHigh
55Filexxxxx.xxxpredictiveMedium
56Filexxxxxxxxxx.xpredictiveMedium
57Filexxx-xxxxxxx.xpredictiveHigh
58Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
59Filexxxx_xxxx.xxxpredictiveHigh
60Filexxxxxxx.xxxpredictiveMedium
61Filexxxxxx.xxxpredictiveMedium
62Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHigh
63Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
64Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
65Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
66Filexxxxxxxxxxxxx.xxxxpredictiveHigh
67Filexxxxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxxpredictiveHigh
68Libraryxxxx/xxxxx/xxxxxxx/xxxxxxx/xxx/xxx/xxxx.xxxpredictiveHigh
69Libraryxxxxxxxxx.xxx/xxxxxxxxx.xxxpredictiveHigh
70Libraryxxxxxxxx_xxxxxxxxx.xxx.xxxpredictiveHigh
71Libraryxxxx/xxxxxxx.xpredictiveHigh
72Libraryxxxxxxxx.xxxpredictiveMedium
73Libraryxxxxxxxx.xxxpredictiveMedium
74Libraryxxxxxx.xxxpredictiveMedium
75Argument$xxxxpredictiveLow
76Argument--xxxxxx/--xxxxxxxxpredictiveHigh
77Argument-xpredictiveLow
78ArgumentxxxxxxpredictiveLow
79Argumentxxxx_xxxpredictiveMedium
80ArgumentxxxxxxxxpredictiveMedium
81Argumentxxx[xxxxxx][xxxxxxxxx]predictiveHigh
82ArgumentxxxxxxxpredictiveLow
83Argumentxxxxx$xxx$xxxxxxxxxxxpredictiveHigh
84ArgumentxxxxpredictiveLow
85ArgumentxxxxxpredictiveLow
86ArgumentxxxxxxxpredictiveLow
87ArgumentxxxxxpredictiveLow
88ArgumentxxpredictiveLow
89Argumentxx/xxxxxxpredictiveMedium
90Argumentxxx_xxxxxxxxxxxpredictiveHigh
91Argumentxx-xxxpredictiveLow
92ArgumentxxxxxxpredictiveLow
93ArgumentxxxxxxxxpredictiveMedium
94ArgumentxxxxxxpredictiveLow
95Argumentxxxx/xxxxxxxxxxxpredictiveHigh
96ArgumentxxxxpredictiveLow
97ArgumentxxxxxxxxpredictiveMedium
98ArgumentxxxxxxxxpredictiveMedium
99ArgumentxxxxpredictiveLow
100ArgumentxxxxxxxpredictiveLow
101Argumentxxxx_xxpredictiveLow
102ArgumentxxxxxxxxxpredictiveMedium
103Argumentxxxx_xxx_xxxxpredictiveHigh
104Argumentxxxxxxxx/xxpredictiveMedium
105ArgumentxxxpredictiveLow
106Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
107Argumentxx_xxxxxxxpredictiveMedium
108Argument_xxxpredictiveLow
109Argument_xxxxpredictiveLow
110Argument_xxxxpredictiveLow
111Input Value@xxxxxxxx.xxxpredictiveHigh
112Network Portxxx/xxxxpredictiveMedium
113Network Portxxx/xxxx (xx-xxx)predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!