TheMoon Analysis

IOB - Indicator of Behavior (167)

Language

en: 156
zh: 6
ru: 4
sv: 2

Country/Region

us: 160
se: 4
ro: 2
cn: 2

Product

Microsoft Windows: 8
Linux Kernel: 8
Joomla CMS: 6
Cisco IOS: 4
Google Android: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.20 | CVE-2020-15906 |
| 2 | SonicWALL SMA100 libSys.so memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00343 | 0.06 | CVE-2019-7482 |
| 3 | Juniper Junos SRX ICAP Redirect Service memory corruption | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00932 | 0.00 | CVE-2020-1647 |
| 4 | Espruino jsvar.c jsvNewFromString memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2022-25044 |
| 5 | Sophos Cyberoam Firewall SSL VPN Console privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00642 | 0.03 | CVE-2019-17059 |
| 6 | VMware Tools race condition | 7.7 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2020-3941 |
| 7 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055 |
| 8 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2017-15346 |
| 9 | Guo Xu Guos Posting System print.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02272 | 0.00 | CVE-2007-0554 |
| 10 | WiX Toolset Installer Temp privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-29187 |
| 11 | Microsoft Windows Privilege Escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00054 | 0.04 | CVE-2023-36802 |
| 12 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.04 | CVE-2022-24785 |
| 13 | Qualiteam X-Cart home.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00958 | 0.00 | CVE-2005-1822 |
| 14 | SourceCodester Online Eyewear Shop SQL injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-0673 |
| 15 | SourceCodester Online Food Ordering System manage_user.php SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00531 | 0.08 | CVE-2023-0332 |
| 16 | lirantal daloradius Privilege Escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.05 | CVE-2023-0046 |
| 17 | SnakeYAML YAML File memory corruption | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00152 | 0.00 | CVE-2022-41854 |
| 18 | Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.03 | CVE-2018-11541 |
| 19 | Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.02 | CVE-2018-11543 |
| 20 | XenForo Admin Panel cross-site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.04 | CVE-2021-43032 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /bin/webserver | predictive |
| 2 | File | /cgi-bin/hi3510/param.cgi | predictive |
| 3 | File | /cgi-bin/user/Config.cgi | predictive |
| 4 | File | /forum/away.php | predictive |
| 5 | File | /htsrv/call_plugin.php | predictive |
| 6 | File | /uncpath/ | predictive |
| 7 | File | /var/avamar/f_cache.dat | predictive |
| 8 | File | /webmail/ | predictive |
| 9 | File | admin.asp | predictive |
| 69 | Input Value | .. | predictive |
| 70 | Input Value | ../ | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
