Ponmocup Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Язык

en	26
de	2

Страна

us	12
in	6
ir	2
tr	2
ly	2

Акторы

Ponmocup	5
XtremeRAT	1

Интерес

Тип

Not Defined	6
Operating System	6
Firewall Software	4
File Transfer Software	4
Multimedia Player Software	2

Поставщик

Not Defined	10
Microsoft	6
F5	2
Techno Dreams	2
Intelliants	2

Продукт

Microsoft Windows	6
ProFTPD	4
F5 BIG-IP	2
libav	2
Techno Dreams Announcement script	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	nginx эскалация привилегий	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.66	CVE-2020-12440
2	Microsoft Windows WPAD Remote Code Execution	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.91821	0.02	CVE-2016-3236
3	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.23993	0.00	CVE-2022-34718
4	ZyXEL ZyWALL слабая аутентификация	7.3	7.1	$5k-$25k	$0-$5k	High	Unavailable	0.18307	0.03	CVE-2008-1160
5	CKeditor Paste межсайтовый скриптинг	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.00	CVE-2018-17960
6	ImageMagick mogrify.c MogrifyImageList эскалация привилегий	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00188	0.00	CVE-2017-18252
7	Facebook Hermes Javascript Object эскалация привилегий	8.5	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00317	0.00	CVE-2020-1911
8	Zentrack index.php обход каталога	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.08
9	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.20	CVE-2017-0055
10	Microsoft MS-DOS/Windows Carbon Copy 32 раскрытие информации	3.3	3.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
11	PhonePe Wallet com.PhonePe.app эскалация привилегий	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00199	0.00	CVE-2018-17403
12	Easy Software Products CUPS HPGL File ParseCommand повреждение памяти	5.0	4.5	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08619	0.07	CVE-2004-1267
13	Intelliants Subrion CMS неизвестная уязвимость	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00071	0.00	CVE-2017-6002
14	Oracle Database Server TRANSFORM повреждение памяти	9.9	9.9	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00778	0.00	CVE-2007-5897
15	libav libavcodec vc1dec.c vc1_decode_frame повреждение памяти	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.00	CVE-2018-19130
16	Apache Tomcat CORS Filter эскалация привилегий	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.00	CVE-2018-8014
17	ProFTPD эскалация привилегий	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2017-7418
18	IBM InfoSphere DataStage эскалация привилегий	5.9	5.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00042	0.00	CVE-2015-1900
19	F5 BIG-IP RADIUS Authentication эскалация привилегий	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00139	0.05	CVE-2018-5515
20	Oracle Solaris CDE Calendar эскалация привилегий	9.8	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00575	0.00	CVE-2017-3632

IOC - Indicator of Compromise (51)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	2.171.234.238		Ponmocup	31.05.2021	verified	Высокий
2	4.227.70.65		Ponmocup	31.05.2021	verified	Высокий
3	6.88.25.80		Ponmocup	31.05.2021	verified	Высокий
4	7.34.116.64		Ponmocup	31.05.2021	verified	Высокий
5	21.8.194.15		Ponmocup	31.05.2021	verified	Высокий
6	22.149.159.105		Ponmocup	31.05.2021	verified	Высокий
7	25.20.33.76		Ponmocup	31.05.2021	verified	Высокий
8	27.251.60.63		Ponmocup	31.05.2021	verified	Высокий
9	29.205.223.64		Ponmocup	31.05.2021	verified	Высокий
10	31.171.130.249		Ponmocup	31.05.2021	verified	Высокий
11	38.155.216.69		Ponmocup	31.05.2021	verified	Высокий
12	XX.XX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
13	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxx.xxx.xxxxxxx.xxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
14	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxx.xxxxxxxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
15	XX.XX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
16	XX.XXX.XX.XX	xxxx-xxx-xx-xx.xx.xxx.xxxxxxxx.xxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
17	XX.XXX.XX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	31.05.2021	verified	Высокий
18	XX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
19	XX.XX.XXX.X		Xxxxxxxx	31.05.2021	verified	Высокий
20	XX.XXX.XX.XX	xxxxxxxxxx-xxxx.xx.xxxxxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
21	XX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxxxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
22	XX.XX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
23	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
24	XXX.XXX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
25	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	31.05.2021	verified	Высокий
26	XXX.X.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
27	XXX.XXX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
28	XXX.XX.XXX.XXX	xxxx.xxxxxx.xxx	Xxxxxxxx	31.05.2021	verified	Высокий
29	XXX.XXX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
30	XXX.XXX.X.XX		Xxxxxxxx	31.05.2021	verified	Высокий
31	XXX.XX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
32	XXX.X.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
33	XXX.XX.XX.XX	xxxxxxx.xxxxxx.xxx	Xxxxxxxx	31.05.2021	verified	Высокий
34	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxx	31.05.2021	verified	Высокий
35	XXX.XX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
36	XXX.XX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
37	XXX.XX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
38	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
39	XXX.XX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
40	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxx-xxxxxxxxx.xxx.xx	Xxxxxxxx	31.05.2021	verified	Высокий
41	XXX.XXX.XX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
42	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
43	XXX.XX.XX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
44	XXX.XX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
45	XXX.XXX.XX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
46	XXX.XXX.XX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
47	XXX.XXX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
48	XXX.XXX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
49	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
50	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
51	XXX.XXX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1		CAPEC-10	CWE-19, CWE-20, CWE-59, CWE-119, CWE-287, CWE-352, CWE-444, CWE-843, CWE-862, CWE-863	Unknown Vulnerability	predictive	Высокий
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Высокий
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/admin/users/new/add	predictive	Высокий
2	File	/uncpath/	predictive	Средний
3	File	xxxxx/xxxx/xxx/	predictive	Высокий
4	File	xxxxx/xxxxx.xxx	predictive	Высокий
5	File	xxx.xxxxxxx.xxx	predictive	Высокий
6	File	xxxxx.xxx	predictive	Средний
7	File	xxxxxxxxxx/xxxxxx.x	predictive	Высокий
8	File	xxxxxxxxxx/xxxxxxx.x	predictive	Высокий
9	Argument	xxxx	predictive	Низкий
10	Argument	xxxxxxxxxx	predictive	Средний
11	Argument	xxxx	predictive	Низкий
12	Argument	xxxxxx	predictive	Низкий
13	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Высокий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you know our Splunk app?

Download it now for free!