Ponmocup Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	28

Country

us	12
in	4
ly	4
tr	2
au	2

Actors

Ponmocup	6
XtremeRAT	1
Darktrack RAT	1

Activities

Interest

Timeline

Type

Operating System	10
Firewall Software	4
Not Defined	4
Android App Software	2
Content Management System	2

Vendor

Microsoft	8
Not Defined	4
ZyXEL	2
Intelliants	2
F5	2

Product

Microsoft Windows	8
PhonePe Wallet	2
ZyXEL ZyWALL	2
Intelliants Subrion CMS	2
F5 BIG-IP	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.47	CVE-2020-12440
2	Microsoft Windows WPAD data processing	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.91821	0.02	CVE-2016-3236
3	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.23993	0.00	CVE-2022-34718
4	ZyXEL ZyWALL improper authentication	7.3	7.1	$5k-$25k	$0-$5k	High	Unavailable	0.18307	0.03	CVE-2008-1160
5	CKeditor Paste cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.03	CVE-2018-17960
6	ImageMagick mogrify.c MogrifyImageList input validation	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00188	0.04	CVE-2017-18252
7	Facebook Hermes Javascript Object type confusion	8.5	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00317	0.00	CVE-2020-1911
8	Zentrack index.php path traversal	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.08
9	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.04	CVE-2017-0055
10	Microsoft MS-DOS/Windows Carbon Copy 32 information disclosure	3.3	3.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
11	PhonePe Wallet com.PhonePe.app credentials management	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00199	0.00	CVE-2018-17403
12	Easy Software Products CUPS HPGL File ParseCommand memory corruption	5.0	4.5	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08619	0.07	CVE-2004-1267
13	Intelliants Subrion CMS cross-site request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00071	0.00	CVE-2017-6002
14	Oracle Database Server TRANSFORM memory corruption	9.9	9.9	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00778	0.00	CVE-2007-5897
15	libav libavcodec vc1dec.c vc1_decode_frame memory corruption	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.00	CVE-2018-19130
16	Apache Tomcat CORS Filter 7pk security	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.04	CVE-2018-8014
17	ProFTPD link following	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2017-7418
18	IBM InfoSphere DataStage access control	5.9	5.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00042	0.00	CVE-2015-1900
19	F5 BIG-IP RADIUS Authentication input validation	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00139	0.05	CVE-2018-5515
20	Oracle Solaris CDE Calendar access control	9.8	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00575	0.00	CVE-2017-3632

IOC - Indicator of Compromise (51)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	2.171.234.238		Ponmocup	05/31/2021	verified	High
2	4.227.70.65		Ponmocup	05/31/2021	verified	High
3	6.88.25.80		Ponmocup	05/31/2021	verified	High
4	7.34.116.64		Ponmocup	05/31/2021	verified	High
5	21.8.194.15		Ponmocup	05/31/2021	verified	High
6	22.149.159.105		Ponmocup	05/31/2021	verified	High
7	25.20.33.76		Ponmocup	05/31/2021	verified	High
8	27.251.60.63		Ponmocup	05/31/2021	verified	High
9	29.205.223.64		Ponmocup	05/31/2021	verified	High
10	31.171.130.249		Ponmocup	05/31/2021	verified	High
11	38.155.216.69		Ponmocup	05/31/2021	verified	High
12	XX.XX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
13	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxx.xxx.xxxxxxx.xxx.xx	Xxxxxxxx	05/31/2021	verified	High
14	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxx.xxxxxxxx.xx	Xxxxxxxx	05/31/2021	verified	High
15	XX.XX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
16	XX.XXX.XX.XX	xxxx-xxx-xx-xx.xx.xxx.xxxxxxxx.xxx.xx	Xxxxxxxx	05/31/2021	verified	High
17	XX.XXX.XX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxxxxx	05/31/2021	verified	High
18	XX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
19	XX.XX.XXX.X		Xxxxxxxx	05/31/2021	verified	High
20	XX.XXX.XX.XX	xxxxxxxxxx-xxxx.xx.xxxxxx.xx	Xxxxxxxx	05/31/2021	verified	High
21	XX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxxxx.xx	Xxxxxxxx	05/31/2021	verified	High
22	XX.XX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
23	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
24	XXX.XXX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
25	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	05/31/2021	verified	High
26	XXX.X.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
27	XXX.XXX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
28	XXX.XX.XXX.XXX	xxxx.xxxxxx.xxx	Xxxxxxxx	05/31/2021	verified	High
29	XXX.XXX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
30	XXX.XXX.X.XX		Xxxxxxxx	05/31/2021	verified	High
31	XXX.XX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
32	XXX.X.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
33	XXX.XX.XX.XX	xxxxxxx.xxxxxx.xxx	Xxxxxxxx	05/31/2021	verified	High
34	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxx	05/31/2021	verified	High
35	XXX.XX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
36	XXX.XX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
37	XXX.XX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
38	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
39	XXX.XX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
40	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxx-xxxxxxxxx.xxx.xx	Xxxxxxxx	05/31/2021	verified	High
41	XXX.XXX.XX.XX		Xxxxxxxx	05/31/2021	verified	High
42	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
43	XXX.XX.XX.XX		Xxxxxxxx	05/31/2021	verified	High
44	XXX.XX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
45	XXX.XXX.XX.XX		Xxxxxxxx	05/31/2021	verified	High
46	XXX.XXX.XX.XX		Xxxxxxxx	05/31/2021	verified	High
47	XXX.XXX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
48	XXX.XXX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High
49	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
50	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
51	XXX.XXX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/users/new/add	predictive	High
2	File	/uncpath/	predictive	Medium
3	File	xxxxx/xxxx/xxx/	predictive	High
4	File	xxxxx/xxxxx.xxx	predictive	High
5	File	xxx.xxxxxxx.xxx	predictive	High
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxxxxxxx/xxxxxx.x	predictive	High
8	File	xxxxxxxxxx/xxxxxxx.x	predictive	High
9	Argument	xxxx	predictive	Low
10	Argument	xxxxxxxxxx	predictive	Medium
11	Argument	xxxx	predictive	Low
12	Argument	xxxxxx	predictive	Low
13	Input Value	\xxx../../../../xxx/xxxxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!