MoqHao 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

语言

en	30
zh	8
ko	2

国家/地区

cn	16
us	12
co	8

演员

MoqHao	4
Roaming Mantis	2
Gh0stRAT	1

利益

类型

Not Defined	24
Automation Software	2
Router Operating System	2
Operating System	2
Web Browser	2

供应商

Not Defined	8
Apache	6
Microsoft	6
VMware	2
bitcoin	2

产品

Apache Xerces C++	4
VMware vRealize Automation	2
bitcoin Bitcoin-Qt	2
CKeditor4	2
NetCommWireless HSPA 3G10WVE	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Apache Xerces C++ External DTD Scanning 内存损坏	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-23807
2	Apache Xerces-C XMLReader.cpp 内存损坏	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03064	0.00	CVE-2016-0729
3	Apache Xerces C++ XML Document DTDScanner.cpp 内存损坏	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00372	0.00	CVE-2016-2099
4	Oracle PeopleSoft Enterprise PeopleTools Apache Xerces 内存损坏	9.8	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03064	0.00	CVE-2016-0729
5	HCL BigFix Platform xerces-c++ 内存损坏	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00677	0.04	CVE-2023-37536
6	libxml2 NEXTL Macro parser.c xmlParserHandlePEReference 内存损坏	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00601	0.00	CVE-2017-16931
7	libxml2 XML Reader Interface xmlValidatePopElement 内存损坏	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.04	CVE-2024-25062
8	Hancom Office HWord 内存损坏	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.00	CVE-2023-32541
9	PHP pdo_mysql 内存损坏	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00792	0.04	CVE-2022-31626
10	CKEditor4 Advanced Content Filter 跨网站脚本	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00448	0.04	CVE-2021-41164
11	CKEditor4 HTML Processing Module 跨网站脚本	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00299	0.04	CVE-2021-41165
12	CKEditor4 Dialog Plugin 拒绝服务	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00302	0.00	CVE-2022-24729
13	CKeditor4 HTML Parsing Module 跨网站脚本	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.04	CVE-2024-24815
14	CKeditor4 跨网站脚本	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.03	CVE-2024-24816
15	Sencha Ext JS XSS Protection getTip 跨网站脚本	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.02	CVE-2018-8046
16	Proxmox Backup Server/Mail Gateway Two-factor Authentication 弱身份验证	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00082	0.03	CVE-2023-43320
17	Openfind Mail2000 File Upload 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00061	0.03	CVE-2023-22902
18	TypeORM FindOneOptions findOne SQL注入	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00241	0.02	CVE-2022-33171
19	Hap-WI Roxy-WI options.py subprocess_execute 权限升级	9.5	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95555	0.02	CVE-2022-31137
20	Apache Struts DefaultActionMapper 权限升级	10.0	9.0	$25k-$100k	$0-$5k	High	Official Fix	0.97380	0.02	CVE-2013-2251

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	参与者	Identified	类型	可信度
1	27.124.36.25	MoqHao	2022-03-20	verified	高
2	XXX.XXX.XX.XXX	Xxxxxx	2022-07-18	verified	高
3	XXX.XXX.XXX.XXX	Xxxxxx	2022-07-18	verified	高
4	XXX.XXX.XXX.XX	Xxxxxx	2022-07-18	verified	高
5	XXX.XXX.XX.XX	Xxxxxx	2022-07-18	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/app/options.py	predictive	高
2	File	/uncpath/	predictive	中
3	File	xxxx/xxx/xxxx/xxxx/xxxxxx/xxxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	高
4	File	xxxxxxxxxxxxxxx.xxx	predictive	高
5	File	xxxxxxxx/xxxxxxxxx.xxx	predictive	高
6	File	xxxxxx.x	predictive	中
7	File	xxxx.xxx	predictive	中
8	File	xxxxxxxxxx/xxx/xxxxxxxxxx.xxx	predictive	高
9	Library	/xxxxx/xxxxxxxxxxxxx.xxx	predictive	高
10	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	高
11	Argument	xxx_xxxxxxxxx	predictive	高
12	Argument	xxxxxxxx	predictive	中
13	Argument	xxxxx	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!