MoqHao Analysis

IOB - Indicator of Behavior (47)

Timeline

Language

en: 36
zh: 6
de: 4
fr: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

CKEditor4: 4
Openfind Mail2000: 2
Proxmox Backup Server: 2
Proxmox Mail Gateway: 2
Hancom Office: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | CKEditor4 Dialog Plugin resource consumption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00604 | 0.00 | CVE-2022-24729
2 | CKEditor WYSIWYG Editor cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00671 | 0.03 | CVE-2022-24728
3 | Xiaomi Content Center App permission | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00168 | 0.00 | CVE-2020-14117
4 | Sage 1000 unrestricted upload | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00019 | 0.00 | CVE-2024-48646
5 | Yunyou CMS Common.php unrestricted upload | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00057 | 0.07 | CVE-2024-0648
6 | SolidWorks Desktop SLDPRT File use after free | 7.0 | 7.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00052 | 0.00 | CVE-2023-2762
7 | SoftEther VPN Server See.sys Kernel 7pk security | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00128 | 0.06 | CVE-2019-11868
8 | Apache Xerces C++ External DTD Scanning use after free | 7.8 | 7.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00168 | 0.00 | CVE-2024-23807
9 | Apache Xerces-C XMLReader.cpp memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.24194 | 0.08 | CVE-2016-0729
10 | Apache Xerces C++ XML Document DTDScanner.cpp use after free | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.02906 | 0.00 | CVE-2016-2099
11 | Oracle PeopleSoft Enterprise PeopleTools Apache Xerces memory corruption | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.24194 | 0.00 | CVE-2016-0729
12 | HCL BigFix Platform xerces-c++ integer overflow | 7.8 | 7.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01084 | 0.01 | CVE-2023-37536
13 | libxml2 NEXTL Macro parser.c xmlParserHandlePEReference memory corruption | 9.8 | 9.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01086 | 0.00 | CVE-2017-16931
14 | libxml2 XML Reader Interface xmlValidatePopElement use after free | 6.9 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00150 | 0.00 | CVE-2024-25062
15 | Hancom Office HWord use after free | 7.6 | 7.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00248 | 0.00 | CVE-2023-32541
16 | PHP pdo_mysql buffer overflow | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.14826 | 0.00 | CVE-2022-31626
17 | CKEditor4 Advanced Content Filter cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00079 | 0.04 | CVE-2021-41164
18 | CKEditor4 HTML Processing Module HTML injection | 5.8 | 5.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00135 | 0.00 | CVE-2021-41165
19 | CKEditor4 HTML Parsing Module HTML injection | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00155 | 0.08 | CVE-2024-24815
20 | CKEditor4 cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.17088 | 0.03 | CVE-2024-24816

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.124.36.25 | | MoqHao | | 03/20/2022 | verified | Low
2 | XXX.XXX.XX.XXX | | Xxxxxx | | 07/18/2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/18/2022 | verified | Medium
4 | XXX.XXX.XXX.XX | | Xxxxxx | | 07/18/2022 | verified | Medium
5 | XXX.XXX.XX.XX | | Xxxxxx | | 07/18/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
4 | TXXXX | CAPEC-XX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-XXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX | | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX | | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | | CWE-XX | Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /app/index/controller/Common.php | predictive | High
2 | File | /app/options.py | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | xxxx/xxx/xxxx/xxxx/xxxxxx/xxxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
5 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xxxxxxxx/xxxxxxxxx.xxx | predictive | High
7 | File | xxxxxx.x | predictive | Medium
8 | File | xxxx.xxx | predictive | Medium
9 | File | xxxxxxxxxx/xxx/xxxxxxxxxx.xxx | predictive | High
10 | Library | /xxxxx/xxxxxxxxxxxxx.xxx | predictive | High
11 | Library | xxx.xxx | predictive | Low
12 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | High
13 | Argument | xxx_xxxxxxxxx | predictive | High
14 | Argument | xxxxxxxx | predictive | Medium
15 | Argument | xxxxx | predictive | Low
16 | Argument | xxxxxxxxxxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities: