Luna Moth Analysis

IOB - Indicator of Behavior (98)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 64
zh: 26
ru: 4
de: 2
fr: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Interest

Product

BusyBox: 6
phpMyAdmin: 4
Linux Kernel: 4
SalesForce Tableau Server: 4
Esri ArcGIS Server: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.61 | |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 0.97 | CVE-2006-6168 |
| 3 | Linux Kernel KASAN radix_tree_lookup use after free | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.00 | CVE-2023-4610 |
| 4 | Project Worlds Online Lawyer Management System admin_user.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00035 | 0.08 | CVE-2025-3170 |
| 5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.91138 | 1.62 | CVE-2020-15906 |
| 6 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00057 | 0.11 | CVE-2023-0283 |
| 7 | Grafana Dashboard path traversal | 6.2 | 6.1 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.64812 | 0.06 | CVE-2022-32275 |
| 8 | SSZipArchive symlink | 6.8 | 6.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00149 | 0.00 | CVE-2022-36943 |
| 9 | BusyBox netstat privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.07190 | 0.04 | CVE-2022-28391 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.14028 | 0.36 | CVE-2007-1287 |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.22 | CVE-2010-0966 |
| 12 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00297 | 0.04 | CVE-2018-25085 |
| 13 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01802 | 0.14 | CVE-2007-0354 |
| 14 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02305 | 1.01 | CVE-2022-28959 |
| 15 | OpenBSD OpenSSH PKCS 11 unquoted search path | 8.2 | 8.0 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official fix | possible | 0.54768 | 0.04 | CVE-2023-38408 |
| 16 | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00074 | 0.06 | CVE-2024-11676 |
| 17 | Host SMTP Server privileges management | 7.3 | 6.8 | $0-$5k | $0-$5k | High | Workaround | possible | 0.00000 | 0.00 | CVE-1999-0617 |
| 18 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00277 | 0.00 | CVE-2010-4996 |
| 19 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00553 | 0.32 | CVE-2015-5911 |
| 20 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00063 | 0.11 | CVE-2024-10425 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (80)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/edit-card-detail.php | predictive | High |
| 2 | File | /admin_user.php | predictive | High |
| 3 | File | /apply/index.php | predictive | High |
| 4 | File | /backend/admin/his_admin_add_lab_equipment.php | predictive | High |
| 5 | File | /books | predictive | Low |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
| 8 | File | /out.php | predictive | Medium |
