Mofang Analysis

IOB - Indicator of Behavior (239)

Timeline

Language

en 202
de 14
zh 8
pl 4
ja 4

Country

us 172
cn 34
ru 6
tk 6
at 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows 14
Palo Alto PAN-OS 10
Linux Kernel 8
RoundCube 8
WordPress 6

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93457 | 0.04 | CVE-2023-47246
3 | Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2022-37889
4 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572
5 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715
6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640
7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.04 | CVE-2023-24835
8 | Mastodon Media File directory traversal | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00408 | 0.04 | CVE-2023-36460
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.95 | CVE-2010-0966
10 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878
11 | Microsoft Windows Delivery Optimization Service privilege escalation | 8.1 | 7.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2020-1392
12 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013
13 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041
14 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.04 | CVE-2015-8794
15 | phpMyAdmin Designer sql injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798
16 | Palo Alto PAN-OS Web Interface Privilege Escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2020-1975
17 | Palo Alto PAN-OS privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-17437
18 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00578 | 0.00 | CVE-2011-1571
19 | Devana profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2010-2673
20 | ArmorX Spam sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.00 | CVE-2023-48384

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High
5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /admin/index.php | predictive | High
3 | File | /cgi-mod/lookup.cgi | predictive | High
4 | File | /getcfg.php | predictive | Medium
5 | File | /ipms/imageConvert/image | predictive | High
6 | File | /message/ajax/send/ | predictive | High
7 | File | /proc/self/environ | predictive | High
8 | File | /sitecore/client/Applications/List Manager/Taskpages/Contact list | predictive | High
9 | File | /v2/customerdb/operator.svc/a | predictive | High
10 | File | add_comment.php | predictive | High
11 | File | app/controllers/application_controller.rb | predictive | High
12 | File | application\api\controller\User.php | predictive | High
13 | File | blog.php | predictive | Medium
14 | File | xxxxxxxx.xxx | predictive | Medium
15 | File | xxxxxxx/xxxxxxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High
16 | File | xxxxxxx_xxxxxxxx_xxxxx.xxx | predictive | High
17 | File | xxxxxxxxxx.xxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxx/xxxx | predictive | Medium
20 | File | xxxx/xxxxx.xxx | predictive | High
21 | File | xxxx/xxxxxxx.xxx | predictive | High
22 | File | xxxxxx/xxx | predictive | Medium
23 | File | xxxxxxx/xxxx/xxxx_xxxxxxxx.x | predictive | High
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxx.xxx | predictive | Medium
26 | File | xxxxx.xx | predictive | Medium
27 | File | xxxx_xxxxx.xxx | predictive | High
28 | File | xx/xxxxxx_xxx.x | predictive | High
29 | File | xx/xxxx/xxx.x | predictive | High
30 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
31 | File | xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High
32 | File | xxx/xxxxxx.xxx | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxxxxx/xxxxx/xxxxxxxx.x | predictive | High
36 | File | xxxxx.xxxx | predictive | Medium
37 | File | xxxxxx/xxxxx.xxx | predictive | High
38 | File | xxxxxxxx.xxx | predictive | Medium
39 | File | xxxxx_xxxxxxx.xxx | predictive | High
40 | File | xxxxxxxxxx.xxx.xxx | predictive | High
41 | File | xxxxx_xxxxxx.xxx | predictive | High
42 | File | xxxxxxx_xxxx.xxx | predictive | High
43 | File | xxxxxxx/xxxxxxx/xxxxxx.xxx | predictive | High
44 | File | xxxxxxx/xxxxxxx/xxxxxx_xxxxxx_xxxx.xxx | predictive | High
45 | File | xxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxx | predictive | High
46 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxxxxxx.xxx | predictive | Medium
49 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
50 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
51 | File | xxxxxxxxxxxx.xxxxxxxx.xxx | predictive | High
52 | File | xxxxxxxxx.x | predictive | Medium
53 | File | xxxxxxxxxxxx.xxx | predictive | High
54 | File | xxxxx/xxxxx.xxx | predictive | High
55 | File | xxxxx.xxx | predictive | Medium
56 | File | xxxxxxxxxx.x | predictive | Medium
57 | File | xxx-xxxxxxx.x | predictive | High
58 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
59 | File | xxxx_xxxx.xxx | predictive | High
60 | File | xxxxxxx.xxx | predictive | Medium
61 | File | xxxxxx.xxx | predictive | Medium
62 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | High
63 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
64 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
65 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
66 | File | xxxxxxxxxxxxx.xxxx | predictive | High
67 | File | xxxxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxx | predictive | High
68 | Library | xxxx/xxxxx/xxxxxxx/xxxxxxx/xxx/xxx/xxxx.xxx | predictive | High
69 | Library | xxxxxxxxx.xxx/xxxxxxxxx.xxx | predictive | High
70 | Library | xxxxxxxx_xxxxxxxxx.xxx.xxx | predictive | High
71 | Library | xxxx/xxxxxxx.x | predictive | High
72 | Library | xxxxxxxx.xxx | predictive | Medium
73 | Library | xxxxxxxx.xxx | predictive | Medium
74 | Library | xxxxxx.xxx | predictive | Medium
75 | Argument | $xxxx | predictive | Low
76 | Argument | --xxxxxx/--xxxxxxxx | predictive | High
77 | Argument | -x | predictive | Low
78 | Argument | xxxxxx | predictive | Low
79 | Argument | xxxx_xxx | predictive | Medium
80 | Argument | xxxxxxxx | predictive | Medium
81 | Argument | xxx[xxxxxx][xxxxxxxxx] | predictive | High
82 | Argument | xxxxxxx | predictive | Low
83 | Argument | xxxxx$xxx$xxxxxxxxxxx | predictive | High
84 | Argument | xxxx | predictive | Low
85 | Argument | xxxxx | predictive | Low
86 | Argument | xxxxxxx | predictive | Low
87 | Argument | xxxxx | predictive | Low
88 | Argument | xx | predictive | Low
89 | Argument | xx/xxxxxx | predictive | Medium
90 | Argument | xxx_xxxxxxxxxxx | predictive | High
91 | Argument | xx-xxx | predictive | Low
92 | Argument | xxxxxx | predictive | Low
93 | Argument | xxxxxxxx | predictive | Medium
94 | Argument | xxxxxx | predictive | Low
95 | Argument | xxxx/xxxxxxxxxxx | predictive | High
96 | Argument | xxxx | predictive | Low
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxxxxxx | predictive | Medium
99 | Argument | xxxx | predictive | Low
100 | Argument | xxxxxxx | predictive | Low
101 | Argument | xxxx_xx | predictive | Low
102 | Argument | xxxxxxxxx | predictive | Medium
103 | Argument | xxxx_xxx_xxxx | predictive | High
104 | Argument | xxxxxxxx/xx | predictive | Medium
105 | Argument | xxx | predictive | Low
106 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
107 | Argument | xx_xxxxxxx | predictive | Medium
108 | Argument | _xxx | predictive | Low
109 | Argument | _xxxx | predictive | Low
110 | Argument | _xxxx | predictive | Low
111 | Input Value | @xxxxxxxx.xxx | predictive | High
112 | Network Port | xxx/xxxx | predictive | Medium
113 | Network Port | xxx/xxxx (xx-xxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
