Ponmocup 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

语言

en	28

国家/地区

us	12
ly	4
au	2
in	2
ir	2

演员

Ponmocup	6
XtremeRAT	1

利益

类型

Operating System	6
Not Defined	4
Database Software	2
Social Network Software	2
File Transfer Software	2

供应商

Not Defined	8
Oracle	4
Microsoft	4
Facebook	2
Easy Software Products	2

产品

Microsoft Windows	4
Oracle Database Server	2
Facebook Hermes	2
CKeditor	2
ProFTPD	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	nginx 权限升级	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.13	CVE-2020-12440
2	Microsoft Windows WPAD Remote Code Execution	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.91821	0.02	CVE-2016-3236
3	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.27975	0.00	CVE-2022-34718
4	ZyXEL ZyWALL 弱身份验证	7.3	7.1	$5k-$25k	$0-$5k	High	Unavailable	0.18307	0.03	CVE-2008-1160
5	CKeditor Paste 跨网站脚本	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.00	CVE-2018-17960
6	ImageMagick mogrify.c MogrifyImageList 权限升级	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00188	0.00	CVE-2017-18252
7	Facebook Hermes Javascript Object 权限升级	8.5	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00317	0.00	CVE-2020-1911
8	Zentrack index.php 目录遍历	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.08
9	Microsoft IIS 跨网站脚本	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.08	CVE-2017-0055
10	Microsoft MS-DOS/Windows Carbon Copy 32 信息公开	3.3	3.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
11	PhonePe Wallet com.PhonePe.app 权限升级	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00199	0.00	CVE-2018-17403
12	Easy Software Products CUPS HPGL File ParseCommand 内存损坏	5.0	4.5	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08619	0.07	CVE-2004-1267
13	Intelliants Subrion CMS 跨网站请求伪造	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00071	0.00	CVE-2017-6002
14	Oracle Database Server TRANSFORM 内存损坏	9.9	9.9	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00778	0.00	CVE-2007-5897
15	libav libavcodec vc1dec.c vc1_decode_frame 内存损坏	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.00	CVE-2018-19130
16	Apache Tomcat CORS Filter 权限升级	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.02	CVE-2018-8014
17	ProFTPD 权限升级	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2017-7418
18	IBM InfoSphere DataStage 权限升级	5.9	5.9	$25k-$100k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2015-1900
19	F5 BIG-IP RADIUS Authentication 权限升级	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00139	0.05	CVE-2018-5515
20	Oracle Solaris CDE Calendar 权限升级	9.8	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00575	0.00	CVE-2017-3632

IOC - Indicator of Compromise (51)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	2.171.234.238		Ponmocup	2021-05-31	verified	高
2	4.227.70.65		Ponmocup	2021-05-31	verified	高
3	6.88.25.80		Ponmocup	2021-05-31	verified	高
4	7.34.116.64		Ponmocup	2021-05-31	verified	高
5	21.8.194.15		Ponmocup	2021-05-31	verified	高
6	22.149.159.105		Ponmocup	2021-05-31	verified	高
7	25.20.33.76		Ponmocup	2021-05-31	verified	高
8	27.251.60.63		Ponmocup	2021-05-31	verified	高
9	29.205.223.64		Ponmocup	2021-05-31	verified	高
10	31.171.130.249		Ponmocup	2021-05-31	verified	高
11	38.155.216.69		Ponmocup	2021-05-31	verified	高
12	XX.XX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
13	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxx.xxx.xxxxxxx.xxx.xx	Xxxxxxxx	2021-05-31	verified	高
14	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxx.xxxxxxxx.xx	Xxxxxxxx	2021-05-31	verified	高
15	XX.XX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
16	XX.XXX.XX.XX	xxxx-xxx-xx-xx.xx.xxx.xxxxxxxx.xxx.xx	Xxxxxxxx	2021-05-31	verified	高
17	XX.XXX.XX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	2021-05-31	verified	高
18	XX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
19	XX.XX.XXX.X		Xxxxxxxx	2021-05-31	verified	高
20	XX.XXX.XX.XX	xxxxxxxxxx-xxxx.xx.xxxxxx.xx	Xxxxxxxx	2021-05-31	verified	高
21	XX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxxxx.xx	Xxxxxxxx	2021-05-31	verified	高
22	XX.XX.XXX.XX		Xxxxxxxx	2021-05-31	verified	高
23	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
24	XXX.XXX.XXX.XX		Xxxxxxxx	2021-05-31	verified	高
25	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	2021-05-31	verified	高
26	XXX.X.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
27	XXX.XXX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
28	XXX.XX.XXX.XXX	xxxx.xxxxxx.xxx	Xxxxxxxx	2021-05-31	verified	高
29	XXX.XXX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
30	XXX.XXX.X.XX		Xxxxxxxx	2021-05-31	verified	高
31	XXX.XX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
32	XXX.X.XXX.XX		Xxxxxxxx	2021-05-31	verified	高
33	XXX.XX.XX.XX	xxxxxxx.xxxxxx.xxx	Xxxxxxxx	2021-05-31	verified	高
34	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxx	2021-05-31	verified	高
35	XXX.XX.XXX.XX		Xxxxxxxx	2021-05-31	verified	高
36	XXX.XX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
37	XXX.XX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
38	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
39	XXX.XX.XXX.XX		Xxxxxxxx	2021-05-31	verified	高
40	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxx-xxxxxxxxx.xxx.xx	Xxxxxxxx	2021-05-31	verified	高
41	XXX.XXX.XX.XX		Xxxxxxxx	2021-05-31	verified	高
42	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
43	XXX.XX.XX.XX		Xxxxxxxx	2021-05-31	verified	高
44	XXX.XX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
45	XXX.XXX.XX.XX		Xxxxxxxx	2021-05-31	verified	高
46	XXX.XXX.XX.XX		Xxxxxxxx	2021-05-31	verified	高
47	XXX.XXX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
48	XXX.XXX.XX.XXX		Xxxxxxxx	2021-05-31	verified	高
49	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
50	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-05-31	verified	高
51	XXX.XXX.XXX.XX		Xxxxxxxx	2021-05-31	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/admin/users/new/add	predictive	高
2	File	/uncpath/	predictive	中
3	File	xxxxx/xxxx/xxx/	predictive	高
4	File	xxxxx/xxxxx.xxx	predictive	高
5	File	xxx.xxxxxxx.xxx	predictive	高
6	File	xxxxx.xxx	predictive	中
7	File	xxxxxxxxxx/xxxxxx.x	predictive	高
8	File	xxxxxxxxxx/xxxxxxx.x	predictive	高
9	Argument	xxxx	predictive	低
10	Argument	xxxxxxxxxx	predictive	中
11	Argument	xxxx	predictive	低
12	Argument	xxxxxx	predictive	低
13	Input Value	\xxx../../../../xxx/xxxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!