Ponmocup 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

タイムライン

言語

en26
de2

国・地域

us14
in8
ly2
tr2

アクター

Ponmocup5
XtremeRAT1
Darktrack RAT1

アクティビティ

関心

タイムライン

タイプ

Operating System6
Not Defined6
File Transfer Software4
Firewall Software2
Content Management System2

ベンダー

Not Defined10
Microsoft4
ZyXEL2
Intelliants2
Techno Dreams2

製品

ProFTPD4
Microsoft Windows4
ZyXEL ZyWALL2
Intelliants Subrion CMS2
Techno Dreams Announcement script2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1nginx 特権昇格6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002413.48CVE-2020-12440
2Microsoft Windows WPAD Remote Code Execution8.58.4$25k-$100k$0-$5kHighOfficial Fix0.918210.02CVE-2016-3236
3Microsoft Windows TCP/IP Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.239930.00CVE-2022-34718
4ZyXEL ZyWALL 弱い認証7.37.1$5k-$25k$0-$5kHighUnavailable0.183070.03CVE-2008-1160
5CKeditor Paste クロスサイトスクリプティング5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001230.00CVE-2018-17960
6ImageMagick mogrify.c MogrifyImageList 特権昇格5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001880.00CVE-2017-18252
7Facebook Hermes Javascript Object 特権昇格8.57.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.003170.00CVE-2020-1911
8Zentrack index.php ディレクトリトラバーサル7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.08
9Microsoft IIS クロスサイトスクリプティング5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.11CVE-2017-0055
10Microsoft MS-DOS/Windows Carbon Copy 32 情報の漏洩3.33.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000000.02
11PhonePe Wallet com.PhonePe.app 特権昇格7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.001990.00CVE-2018-17403
12Easy Software Products CUPS HPGL File ParseCommand メモリ破損5.04.5$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.086190.07CVE-2004-1267
13Intelliants Subrion CMS 未知の脆弱性6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000710.00CVE-2017-6002
14Oracle Database Server TRANSFORM メモリ破損9.99.9$5k-$25k$0-$5kNot DefinedNot Defined0.007780.00CVE-2007-5897
15libav libavcodec vc1dec.c vc1_decode_frame メモリ破損5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000820.00CVE-2018-19130
16Apache Tomcat CORS Filter 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.078490.04CVE-2018-8014
17ProFTPD 特権昇格5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2017-7418
18IBM InfoSphere DataStage 特権昇格5.95.9$25k-$100k$0-$5kNot DefinedNot Defined0.000420.00CVE-2015-1900
19F5 BIG-IP RADIUS Authentication 特権昇格3.33.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001390.05CVE-2018-5515
20Oracle Solaris CDE Calendar 特権昇格9.89.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.005750.00CVE-2017-3632

IOC - Indicator of Compromise (51)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
12.171.234.238Ponmocup2021年05月31日verified
24.227.70.65Ponmocup2021年05月31日verified
36.88.25.80Ponmocup2021年05月31日verified
47.34.116.64Ponmocup2021年05月31日verified
521.8.194.15Ponmocup2021年05月31日verified
622.149.159.105Ponmocup2021年05月31日verified
725.20.33.76Ponmocup2021年05月31日verified
827.251.60.63Ponmocup2021年05月31日verified
929.205.223.64Ponmocup2021年05月31日verified
1031.171.130.249Ponmocup2021年05月31日verified
1138.155.216.69Ponmocup2021年05月31日verified
12XX.XX.XXX.XXXXxxxxxxx2021年05月31日verified
13XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxx.xxx.xxxxxxx.xxx.xxXxxxxxxx2021年05月31日verified
14XX.XXX.XXX.XXXxx-xxx-xxx-xxx.xxxx.xxxxxxxx.xxXxxxxxxx2021年05月31日verified
15XX.XX.XXX.XXXXxxxxxxx2021年05月31日verified
16XX.XXX.XX.XXxxxx-xxx-xx-xx.xx.xxx.xxxxxxxx.xxx.xxXxxxxxxx2021年05月31日verified
17XX.XXX.XX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxxxxx2021年05月31日verified
18XX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
19XX.XX.XXX.XXxxxxxxx2021年05月31日verified
20XX.XXX.XX.XXxxxxxxxxxx-xxxx.xx.xxxxxx.xxXxxxxxxx2021年05月31日verified
21XX.XX.XX.XXXxxxxxxx-xx-xx-xxx.xxxxxxxx.xxXxxxxxxx2021年05月31日verified
22XX.XX.XXX.XXXxxxxxxx2021年05月31日verified
23XXX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
24XXX.XXX.XXX.XXXxxxxxxx2021年05月31日verified
25XXX.XXX.XXX.XXXxxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxxXxxxxxxx2021年05月31日verified
26XXX.X.XX.XXXXxxxxxxx2021年05月31日verified
27XXX.XXX.XX.XXXXxxxxxxx2021年05月31日verified
28XXX.XX.XXX.XXXxxxx.xxxxxx.xxxXxxxxxxx2021年05月31日verified
29XXX.XXX.XX.XXXXxxxxxxx2021年05月31日verified
30XXX.XXX.X.XXXxxxxxxx2021年05月31日verified
31XXX.XX.XX.XXXXxxxxxxx2021年05月31日verified
32XXX.X.XXX.XXXxxxxxxx2021年05月31日verified
33XXX.XX.XX.XXxxxxxxx.xxxxxx.xxxXxxxxxxx2021年05月31日verified
34XXX.XXX.XX.XXXxxxxxxxx.xxxxxxxxxxxx.xxxXxxxxxxx2021年05月31日verified
35XXX.XX.XXX.XXXxxxxxxx2021年05月31日verified
36XXX.XX.XXX.XXXXxxxxxxx2021年05月31日verified
37XXX.XX.XXX.XXXXxxxxxxx2021年05月31日verified
38XXX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
39XXX.XX.XXX.XXXxxxxxxx2021年05月31日verified
40XXX.XXX.XX.XXxxx-xxx-xxx-xx-xx.xxxx-xxxxxxxxx.xxx.xxXxxxxxxx2021年05月31日verified
41XXX.XXX.XX.XXXxxxxxxx2021年05月31日verified
42XXX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
43XXX.XX.XX.XXXxxxxxxx2021年05月31日verified
44XXX.XX.XX.XXXXxxxxxxx2021年05月31日verified
45XXX.XXX.XX.XXXxxxxxxx2021年05月31日verified
46XXX.XXX.XX.XXXxxxxxxx2021年05月31日verified
47XXX.XXX.XX.XXXXxxxxxxx2021年05月31日verified
48XXX.XXX.XX.XXXXxxxxxxx2021年05月31日verified
49XXX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
50XXX.XXX.XXX.XXXXxxxxxxx2021年05月31日verified
51XXX.XXX.XXX.XXXxxxxxxx2021年05月31日verified

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059.007CAPEC-209CWE-79Cross Site Scriptingpredictive
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
4TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
5TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
6TXXXXCAPEC-0CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/admin/users/new/addpredictive
2File/uncpath/predictive
3Filexxxxx/xxxx/xxx/predictive
4Filexxxxx/xxxxx.xxxpredictive
5Filexxx.xxxxxxx.xxxpredictive
6Filexxxxx.xxxpredictive
7Filexxxxxxxxxx/xxxxxx.xpredictive
8Filexxxxxxxxxx/xxxxxxx.xpredictive
9Argumentxxxxpredictive
10Argumentxxxxxxxxxxpredictive
11Argumentxxxxpredictive
12Argumentxxxxxxpredictive
13Input Value\xxx../../../../xxx/xxxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Want to stay up to date on a daily basis?

Enable the mail alert feature now!