Mofang Analysis

IOB - Indicator of Behavior (239)

Language

en 202
de 14
zh 12
ru 4
es 4

Country/Region

us 170
cn 42
at 10
gb 4
tk 4

Product

Microsoft Windows 14
Linux Kernel 12
WordPress 6
RoundCube 6
Palo Alto PAN-OS 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | SysAid On-Premise directory traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.93457 | 0.04 | CVE-2023-47246 |
| 3 | Aruba InstantOS/ArubaOS PAPI Protocol memory corruption | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00503 | 0.00 | CVE-2022-37889 |
| 4 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572 |
| 5 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715 |
| 6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.04 | CVE-2023-24835 |
| 8 | Mastodon Media File directory traversal | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00408 | 0.04 | CVE-2023-36460 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.60 | CVE-2010-0966 |
| 10 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.08 | CVE-2020-11878 |
| 11 | Microsoft Windows Delivery Optimization Service privilege escalation | 8.1 | 7.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2020-1392 |
| 12 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 13 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 14 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.04 | CVE-2015-8794 |
| 15 | phpMyAdmin Designer SQL injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798 |
| 16 | Palo Alto PAN-OS Web Interface Privilege Escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2020-1975 |
| 17 | Palo Alto PAN-OS privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-17437 |
| 18 | Liferay Portal privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00578 | 0.00 | CVE-2011-1571 |
| 19 | Devana profile_view.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2010-2673 |
| 20 | ArmorX Spam SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.00 | CVE-2023-48384 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

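| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | |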

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | |
| 2 | File | /admin/index.php | predictive | |
| 3 | File | /cgi-mod/lookup.cgi | predictive | |
| 4 | File | /getcfg.php | predictive | |
| 5 | File | /ipms/imageConvert/image | predictive | |
| 6 | File | /message/ajax/send/ | predictive | |
| 7 | File | /proc/self/environ | predictive | |
| 8 | File | /sitecore/client/Applications/List Manager/Taskpages/Contact list | predictive | |
| 9 | File | /v2/customerdb/operator.svc/a | predictive | |
| 10 | File | add_comment.php | predictive | |
| 11 | File | app/controllers/application_controller.rb | predictive | |
| 12 | File | application\api\controller\User.php | predictive | |
| 13 | File | blog.php | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
