Ponmocup Analysis

Activities

Timeline

The timeline view helps to decide how single vulnerabilities and vulnerability collections should be approached and handled. It makes less important periods and more severe hotspots visible at a glance, so that vulnerability response can be started immediately and issues can be prioritized.

Lang

en: 23
de: 1

Country

us: 9
in: 5
ly: 3
tr: 1
au: 1

Actors

Ponmocup: 24

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the exploitability state, Rem the remediation state and CTI the CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.65 | CVE-2020-12440
2 | Microsoft Windows WPAD data processing | 8.5 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.09 | CVE-2016-3236
3 | ImageMagick mogrify.c MogrifyImageList input validation | 5.4 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96 | CVE-2017-18252
4 | ProFTPD mod_sqlpw privileges management | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2001-0027
5 | Techno Dreams Announcement script login.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | CVE-2005-3383
6 | Microsoft Windows WebDav access control | 6.5 | 6.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.05 | CVE-2016-0051
7 | Hoosk add cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-7590
8 | Oracle Solaris CDE Calendar access control | 9.8 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2017-3632
9 | F5 BIG-IP RADIUS Authentication input validation | 3.3 | 3.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-5515
10 | IBM InfoSphere DataStage access control | 5.9 | 5.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2015-1900
11 | ProFTPD link following | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-7418
12 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-8014
13 | libav libavcodec vc1dec.c vc1_decode_frame memory corruption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2018-19130
14 | Oracle Database Server TRANSFORM memory corruption | 9.9 | 9.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2007-5897
15 | Intelliants Subrion CMS cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2017-6002
16 | Easy Software Products CUPS HPGL File ParseCommand memory corruption | 5.0 | 4.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2004-1267
17 | PhonePe Wallet com.PhonePe.app credentials management | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2018-17403
18 | Microsoft MS-DOS/Windows Carbon Copy 32 information disclosure | 3.3 | 3.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07 | -
19 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.56 | CVE-2017-0055
20 | Zentrack index.php path traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | -

IOC - Indicator of Compromise (51)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254 | 7PK Security Features | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /admin/users/new/add | High
2 | File | /uncpath/ | Medium
3 | File | admin/blog/add/ | High
4 | File | xxxxx/xxxxx.xxx | High
5 | File | xxx.xxxxxxx.xxx | High
6 | File | xxxxx.xxx | Medium
7 | File | xxxxxxxxxx/xxxxxx.x | High
8 | File | xxxxxxxxxx/xxxxxxx.x | High
9 | Argument | xxxx | Low
10 | Argument | xxxxxxxxxx | Medium
11 | Argument | xxxx | Low
12 | Argument | xxxxxx | Low
13 | Input Value | \xxx../../../../xxx/xxxxxx | High

(Indicators shown as runs of x are masked on the page and are left as shown.)
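The following scanner is an added example and not VulDB's own code. It runs the three unmasked File indicators from the table above over constructed access-log lines, and generalizes the single Input Value row (a run of ../ segments) to any run of two or more "../" or "..\" segments in the request path or in a query argument, after double URL-decoding. It assumes the File indicators are meant as substrings of the decoded request path and that the log is in Common Log Format; the IP addresses, timestamps and requests are made up for the demo.

```python
"""Scan access-log lines for the unmasked Ponmocup IOA fragments listed above.

Added example, not VulDB's code. Assumptions: "File" indicators are matched as
substrings of the URL-decoded request path; the single "Input Value" row
(\\xxx../../../../xxx/xxxxxx) is generalized to any run of two or more "../" or
"..\\" segments in the path or in a query argument. Log lines are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Unmasked "File" indicators and their confidence, as listed in the IOA table.
FILE_IOA = {
    "/admin/users/new/add": "High",
    "/uncpath/": "Medium",
    "admin/blog/add/": "High",
}

# Two or more consecutive parent-directory segments after slash normalization.
TRAVERSAL_RE = re.compile(r"(?:\.\./){2,}")

# Common Log Format prefix: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize(value):
    """Percent-decode twice (catches %252e-style double encoding) and fold
    backslashes to forward slashes so Windows-style traversal is seen too."""
    for _ in range(2):
        value = unquote(value)
    return value.replace("\\", "/")


def classify(line):
    """Parse one log line; return a record with the IOA hits, or None if the
    line is not in Common Log Format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = normalize(parts.path)
    # parse_qsl decodes once itself; normalize handles double encoding on top.
    args = [(k, normalize(v)) for k, v in parse_qsl(parts.query, keep_blank_values=True)]

    hits = []
    for frag, confidence in FILE_IOA.items():
        if frag in path:
            hits.append(("File", frag, confidence))
    for where, value in [("path", path)] + [("arg " + k, v) for k, v in args]:
        if TRAVERSAL_RE.search(value):
            hits.append(("Input Value", "traversal in " + where, "High"))

    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
        "hits": hits,
    }


def scan(lines):
    """Return the records of all lines that matched at least one indicator."""
    alerts = []
    for line in lines:
        rec = classify(line)
        if rec and rec["hits"]:
            alerts.append(rec)
    return alerts


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "POST /admin/users/new/add HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "GET /cms/admin/blog/add/?draft=1 HTTP/1.1" 403 231',
    '198.51.100.23 - - [10/Oct/2023:13:55:44 +0000] "GET /download?file=..%5C..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] "GET /uncpath/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 400 0',
    'not a log line',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ip"], rec["method"], rec["path"], rec["status"], rec["hits"])
```

The substring match on the decoded path is deliberately loose, which is why the /uncpath/ indicator is only reported with Medium confidence: a single File hit is a hunting lead, and the traversal rule is what turns a hit into something worth escalating. Decoding twice before matching is the part most detections miss; a plain `..%2F` filter sees nothing in the `%252e` line above.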
