MoqHao Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	32
zh	6
ko	2

Country

cn	22
us	8
co	4
ru	2

Actors

MoqHao	4
Roaming Mantis	2
Gh0stRAT	1

Activities

Interest

Timeline

Type

Not Defined	22
Document Processing Software	4
Programming Language Software	2
Web Server	2
Backup Software	2

Vendor

Not Defined	14
Microsoft	4
Oracle	4
NetCommWireless	2
ONLYOFFICE	2

Product

CKEditor4	6
libxml2	4
NetCommWireless HSPA 3G10WVE	2
ONLYOFFICE Document Server	2
CKeditor4	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Apache Xerces C++ External DTD Scanning use after free	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.04	CVE-2024-23807
2	Apache Xerces-C XMLReader.cpp memory corruption	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03133	0.00	CVE-2016-0729
3	Apache Xerces C++ XML Document DTDScanner.cpp use after free	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00372	0.00	CVE-2016-2099
4	Oracle PeopleSoft Enterprise PeopleTools Apache Xerces memory corruption	9.8	9.7	$25k-$100k	$25k-$100k	Not Defined	Official Fix	0.03133	0.00	CVE-2016-0729
5	HCL BigFix Platform xerces-c++ integer overflow	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00677	0.00	CVE-2023-37536
6	libxml2 NEXTL Macro parser.c xmlParserHandlePEReference memory corruption	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00601	0.00	CVE-2017-16931
7	libxml2 XML Reader Interface xmlValidatePopElement use after free	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.03	CVE-2024-25062
8	Hancom Office HWord use after free	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.05	CVE-2023-32541
9	PHP pdo_mysql buffer overflow	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00792	0.04	CVE-2022-31626
10	CKEditor4 Advanced Content Filter cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00448	0.04	CVE-2021-41164
11	CKEditor4 HTML Processing Module HTML injection	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00299	0.04	CVE-2021-41165
12	CKEditor4 Dialog Plugin resource consumption	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00302	0.00	CVE-2022-24729
13	CKeditor4 HTML Parsing Module HTML injection	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.03	CVE-2024-24815
14	CKeditor4 cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.04	CVE-2024-24816
15	Sencha Ext JS XSS Protection getTip cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.04	CVE-2018-8046
16	Proxmox Backup Server/Mail Gateway Two-factor Authentication improper authentication	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00082	0.04	CVE-2023-43320
17	Openfind Mail2000 File Upload cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00061	0.03	CVE-2023-22902
18	TypeORM FindOneOptions findOne sql injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00283	0.04	CVE-2022-33171
19	Hap-WI Roxy-WI options.py subprocess_execute os command injection	9.5	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95326	0.00	CVE-2022-31137
20	Apache Struts DefaultActionMapper input validation	10.0	9.5	$5k-$25k	$0-$5k	High	Official Fix	0.97380	0.00	CVE-2013-2251

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Identified	Type	Confidence
1	27.124.36.25	MoqHao	03/20/2022	verified	High
2	XXX.XXX.XX.XXX	Xxxxxx	07/18/2022	verified	High
3	XXX.XXX.XXX.XXX	Xxxxxx	07/18/2022	verified	High
4	XXX.XXX.XXX.XX	Xxxxxx	07/18/2022	verified	High
5	XXX.XXX.XX.XX	Xxxxxx	07/18/2022	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/app/options.py	predictive	High
2	File	/uncpath/	predictive	Medium
3	File	xxxx/xxx/xxxx/xxxx/xxxxxx/xxxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
4	File	xxxxxxxxxxxxxxx.xxx	predictive	High
5	File	xxxxxxxx/xxxxxxxxx.xxx	predictive	High
6	File	xxxxxx.x	predictive	Medium
7	File	xxxx.xxx	predictive	Medium
8	File	xxxxxxxxxx/xxx/xxxxxxxxxx.xxx	predictive	High
9	Library	/xxxxx/xxxxxxxxxxxxx.xxx	predictive	High
10	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	High
11	Argument	xxx_xxxxxxxxx	predictive	High
12	Argument	xxxxxxxx	predictive	Medium
13	Argument	xxxxx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!