Mofang Analysis

IOB - Indicator of Behavior (239)

Language

- en: 206
- de: 16
- zh: 8
- pl: 2
- ja: 2

Country

- us: 176
- cn: 38
- at: 8
- sg: 6
- gs: 2

Product

- Microsoft Windows: 18
- Palo Alto PAN-OS: 12
- Linux Kernel: 10
- RoundCube: 8
- Microsoft Office: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93457 | 0.04 | CVE-2023-47246
3 | Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2022-37889
4 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572
5 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715
6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640
7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.04 | CVE-2023-24835
8 | Mastodon Media File directory traversal | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00408 | 0.04 | CVE-2023-36460
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.89 | CVE-2010-0966
10 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.08 | CVE-2020-11878
11 | Microsoft Windows Delivery Optimization Service privilege escalation | 8.1 | 7.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2020-1392
12 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013
13 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041
14 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.04 | CVE-2015-8794
15 | phpMyAdmin Designer SQL injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798
16 | Palo Alto PAN-OS Web Interface Privilege Escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2020-1975
17 | Palo Alto PAN-OS privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-17437
18 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00578 | 0.00 | CVE-2011-1571
19 | Devana profile_view.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2010-2673
20 | ArmorX Spam SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.00 | CVE-2023-48384

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /admin/index.php | predictive | High
3 | File | /cgi-mod/lookup.cgi | predictive | High
4 | File | /getcfg.php | predictive | Medium
5 | File | /ipms/imageConvert/image | predictive | High
6 | File | /message/ajax/send/ | predictive | High
7 | File | /proc/self/environ | predictive | High
8 | File | /sitecore/client/Applications/List Manager/Taskpages/Contact list | predictive | High
9 | File | /v2/customerdb/operator.svc/a | predictive | High
10 | File | add_comment.php | predictive | High
11 | File | app/controllers/application_controller.rb | predictive | High
12 | File | application\api\controller\User.php | predictive | High
13 | File | blog.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
