Moon Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en938
de36
fr16
es6
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

de36
gb22
fr16
es6
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Moon3
Carbanak1
Confucius1
Cerber1
LokiBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined242
Operating System76
Router Operating System28
Business Process Management Software20
Smartphone Operating System16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined116
IBM72
Microsoft42
Oracle24
Juniper22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows28
Juniper Junos20
Linux Kernel18
Vera Veralite14
IBM AIX14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00548CVE-2017-0055
2Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.030.00817CVE-2014-4078
3IBM Cognos Disclosure Management EdrawSoft ActiveX Component access control10.08.7$25k-$100k$0-$5kUnprovenOfficial Fix0.000.00452CVE-2013-0501
4VMware vSphere Client Certificate cryptographic issues4.84.2$5k-$25k$0-$5kUnprovenOfficial Fix0.000.00059CVE-2014-1210
5Cisco IOS Service Module access control7.87.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.00042CVE-2013-5522
6Sun Solaris tcsh Remote Code Execution8.88.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00122CVE-2003-1024
7IBM Cognos TM1 API denial of service5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.000.00228CVE-2013-0484
8IBM AIX TLS 7pk security3.73.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00368CVE-2016-0266
9Automatedsolutions Modbus/TCP Master OPC Server memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.190.68790CVE-2010-4709
10Microsoft MS-DOS/Windows Carbon Copy 32 information disclosure3.33.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.020.00000
11IBM Tivoli Monitoring Express Enterprise Portal kde.dll heap-based overflow10.09.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.90916CVE-2007-2137
12Cisco Call Manager cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00257CVE-2007-4633
13Asterisk PBX res_http_websocket.so resource management6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.61746CVE-2018-17281
14Red Hat Enterprise Linux Desktop 389 Directory Server Password information management7.57.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00647CVE-2016-5405
15IBM AIX rmsock Kernel information disclosure4.24.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00055CVE-2018-1655
16Citrix Receiver Desktop Lock Screen Lock access control6.86.6$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000.00419CVE-2016-9111
17IBM Cognos TM1 admin input validation4.34.2$5k-$25kCalculatingNot DefinedOfficial Fix0.000.00112CVE-2016-0381
18Juniper Junos srxpfe resource consumption6.86.7$5k-$25kCalculatingNot DefinedOfficial Fix0.000.00112CVE-2019-0052
19Microsoft IIS FTP Server memory corruption7.57.2$25k-$100k$0-$5kHighOfficial Fix0.030.96872CVE-2010-3972
20Microsoft Internet Explorer memory corruption6.96.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.050.09181CVE-2014-8985

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
146.148.18.154goodmail.proMoon02/12/2022verifiedHigh
269.197.128.34mail1.mvlashstore.topMoon02/12/2022verifiedHigh
378.128.92.137Moon02/12/2022verifiedHigh
482.68.206.12582-68-206-125.dsl.in-addr.zen.co.ukMoon02/12/2022verifiedHigh
5XX.XXX.XXX.XXXxxx02/12/2022verifiedHigh
6XX.XXX.XXX.XXXXxxx02/12/2022verifiedHigh
7XX.XXX.XXX.XXXXxxx02/12/2022verifiedHigh
8XXX.X.XX.XXxxxx-x-x.xxxx.xxxXxxx02/12/2022verifiedHigh
9XXX.XXX.XXX.XXXxxxxxxxxx.xx-xxx-xxx-xxx.xxXxxx02/12/2022verifiedHigh
10XXX.XXX.XXX.XXxxxxxxxx.xxxxxxxxxx.xxxXxxx02/12/2022verifiedHigh
11XXX.XXX.XXX.XXXxxx02/12/2022verifiedHigh
12XXX.XXX.XXX.XXxxxxx.xxxxxxxxxxx.xxxXxxx02/12/2022verifiedHigh
13XXX.XXX.XXX.XXxxxxxxxxx.xxXxxx02/12/2022verifiedHigh
14XXX.XXX.XX.XXXxxxxxxxx.xxxxxx.xxx.xxXxxx02/12/2022verifiedHigh
15XXX.XX.X.XXXxxx02/12/2022verifiedHigh
16XXX.XX.XX.XXXXxxx02/12/2022verifiedHigh
17XXX.XX.XXX.XXxxx02/12/2022verifiedHigh
18XXX.XX.XXX.XXXxxxxxxxxxxxxxxx.xxxXxxx02/12/2022verifiedHigh
19XXX.XXX.XX.XXXxxx02/12/2022verifiedHigh
20XXX.XX.XXX.XXXxxxx.xxxxxx.xxxxxxxxxxxxx.xxXxxx02/12/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (196)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/appLms/ajax.server.phppredictiveHigh
2File/config/pw_changeusers.htmlpredictiveHigh
3File/dev/dri/card1predictiveHigh
4File/etc/cmh/cmh.confpredictiveHigh
5File/etc/shadowpredictiveMedium
6File/includes/plugins/mobile/scripts/login.phppredictiveHigh
7File/monitor/data/Upgrade/predictiveHigh
8File/port_3480predictiveMedium
9File/proc/kcore/predictiveMedium
10File/Site/Troubleshooting/DiagnosticReport.asppredictiveHigh
11File/systemlog.logpredictiveHigh
12File/tmppredictiveLow
13File/uncpath/predictiveMedium
14Fileadmin/src/containers/InputModalStepperProvider/index.jspredictiveHigh
15Fileadmin\db\DoSql.phppredictiveHigh
16Fileadmsession.phppredictiveHigh
17Fileapcupsd_status.phppredictiveHigh
18FileAppOpsService.javapredictiveHigh
19Fileapp\contacts\contact_addresses.phppredictiveHigh
20Fileapp\contacts\contact_edit.phppredictiveHigh
21Fileapp\messages\messages_thread.phppredictiveHigh
22Filearch/powerpc/mm/mmu_context_book3s64.cpredictiveHigh
23FileBaseWidgetProvider.javapredictiveHigh
24Filexxxxxx/xxxxxxx.xpredictiveHigh
25Filexxxxxx.xpredictiveMedium
26Filexxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
27Filexxxx.xxxpredictiveMedium
28Filexxxxxxxxx/xxxxxxxxxx/xxxxxxpredictiveHigh
29Filexxxxxx/xx_xxxx.xxxxpredictiveHigh
30Filexxxxxxx.xxxpredictiveMedium
31Filexxxx/xxxxxxxxxxxx.xxxxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
32Filexxxxxxxx.xpredictiveMedium
33Filexxxxxxx.xxxpredictiveMedium
34Filexxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
35Filexxxx_xxxxxxx.xxxpredictiveHigh
36Filexxx/xxxxxxx.xxxpredictiveHigh
37Filexxxxxxx/xxx/xxx-xxxx.xpredictiveHigh
38Filexxxxxxx/xxx/xxxxxx/xxxxxx.xpredictiveHigh
39Filexxxxxxx/xxxxx/xx-xxxxxxx.xpredictiveHigh
40Filexxxxxxx/xxx/xxx/xxx/xxxx_xxx.xpredictiveHigh
41Filexxxxxxx/xxx/xxx/xxx/xxxx_xxx/xxxx_xxx_xxx.xpredictiveHigh
42Filexxxxxxx/xxx/xxxxxxxxxx/xxxxx.xpredictiveHigh
43Filexxxxxxx/xxx/xxxxx/xxx.xpredictiveHigh
44Filexxxxxxx/xxx/xxxxx/xxx-xxx.xpredictiveHigh
45Filexxxxxxx/xxx/xxxx/xxxx.xpredictiveHigh
46Filexxxxxxx/xxx/xxxx/xxxxxx.xpredictiveHigh
47Filexxxxxxx/xxx/xxxx/xxxxxxxxx.xpredictiveHigh
48Filexxxxxxx/xxx/xxxx/xxxxx.xpredictiveHigh
49Filexxxxxxxx.xxxpredictiveMedium
50Filexxxxxxxxxxxx.xxxpredictiveHigh
51Filexxx_xxxxxxxx.xxpredictiveHigh
52Filexxxx_xxxxxxxxx.xpredictiveHigh
53Filexxxx/xxxxxxxxxx.xxpredictiveHigh
54Filexxxxxxxx/xxxxxxx.xpredictiveHigh
55Filexx/xxxxx/xxxxx-xxxxxx.xpredictiveHigh
56Filexx/xxxxx/xxxxxx.xpredictiveHigh
57Filexxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxxpredictiveHigh
58Filexxxxxxxx_xxxxxx.xxpredictiveHigh
59Filexxx_xxxx.xxpredictiveMedium
60Filexxx_xxxxxx.xxxpredictiveHigh
61Filexxxx/xxxxx/xx/xxxxxpredictiveHigh
62Filexx/xxxxxxx/xxxxxx_xxx.xpredictiveHigh
63Filexx/xxxx/xxx_xxxxxx.xpredictiveHigh
64Filexx/xxx/xxx-xxxx.xpredictiveHigh
65Filexx/xxxxxx/xxxxxx.xpredictiveHigh
66Filexxxxxxxx-xxxxx-xxxxxxxx.xpredictiveHigh
67Filexxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxxpredictiveHigh
68Filexxxxx.xxxpredictiveMedium
69Filexxxxx.xxx?x=xxxxxx-xxxxxxpredictiveHigh
70Filexxxxxx/xxxxxxx/xxxxx.xpredictiveHigh
71Filexxxxxx/xxxxx.xpredictiveHigh
72Filexxxx/xxx/x/xxx_xxxxxx.xpredictiveHigh
73Filexxxx/xxx/x/xxx_xxxx.xpredictiveHigh
74Filexxxxxx.xpredictiveMedium
75Filexxxxx.xxxxpredictiveMedium
76Filexxxx.xxx.xxxpredictiveMedium
77Filexxxx.xxxpredictiveMedium
78Filexxxx.xxx?x=xxxxxpredictiveHigh
79Filexxxx.xxx?x=xxxxxpredictiveHigh
80Filexxxx.xxx?x=xxxxx&xxxx=xpredictiveHigh
81Filexxxxxxx.xpredictiveMedium
82Filexx_xxxx.xpredictiveMedium
83Filexxxxxx/xxxxx.xxxpredictiveHigh
84Filexxxxxxxx.xpredictiveMedium
85Filexxxxxxxxx.xxxpredictiveHigh
86Filexxxxxxx.xxxpredictiveMedium
87Filexxx_xx_xxx.xxpredictiveHigh
88Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
89Filexxx_xxxxxx.xxxxpredictiveHigh
90Filexxxxx.xxxpredictiveMedium
91Filexxxxxxxxxxx.xxxpredictiveHigh
92Filexxxxxxxxxxxxxx.xxxpredictiveHigh
93Filexxxxxxxxxx.xxxpredictiveHigh
94Filexxxxxxxxxxxxxx.xxxpredictiveHigh
95Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
96Filexxxxx_xxx.xxxpredictiveHigh
97Filexxxxxx/xxx_xxxxxxx.xxxpredictiveHigh
98Filexxxxx.xxxpredictiveMedium
99Filexxxxx.xxpredictiveMedium
100Filexxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
101Filexxxxx.xxpredictiveMedium
102Filexxx/xxx_xxx_xxxxxxxx.xpredictiveHigh
103Filexxx_xxxx_xxxxxxxxx.xxpredictiveHigh
104Filexxx.xpredictiveLow
105Filexxxxxxxx/xxxx/xxxxxx.xpredictiveHigh
106Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
107Filexxxxxx_xxxxxxxxx.xxxpredictiveHigh
108Filexxxxxxxxxx.xxxpredictiveHigh
109Filexxxxx/xxxx/xxx_xxxxxx.xpredictiveHigh
110Filexxxxxx.xxxpredictiveMedium
111Filexxxxxxxxxx/xxxxxx_xxxxxxxx_xxxxxxx_xxxxxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
112Filexxxxxxxxxxxxxx.xxxxxxx.xxxxxxx.xxxpredictiveHigh
113Filexxxxxx.xxxpredictiveMedium
114Filexxxx.xpredictiveLow
115Filexxxxxxxxx.xpredictiveMedium
116Filexxxxxxx.xxxpredictiveMedium
117Filexx/xxxxxx/xxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
118Filexxx_xxxxxx.xpredictiveMedium
119Filexxxxxxxxxx_xxxxxxxxx.xxxpredictiveHigh
120Filexxx_xxxxxxxxx.xpredictiveHigh
121Filexxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
122Filexxx/xxxxxxx/xxxx/xxxx/xxxx.xxxpredictiveHigh
123Filexxxx/xxxx_xxxxxxxxx.xpredictiveHigh
124Libraryxxxxxx.xxxpredictiveMedium
125Libraryxxxxxx.xxxpredictiveMedium
126Libraryxxxxxxxxx.xxxpredictiveHigh
127Libraryxxx.xxxpredictiveLow
128Libraryxxxxxx.xxxpredictiveMedium
129Libraryxxxxxxx.xxxpredictiveMedium
130Libraryxxxxxxxxxxxx.xxxxxx.xxxpredictiveHigh
131Libraryxxxxxxx.xxxpredictiveMedium
132Libraryxxxxxx.xxxpredictiveMedium
133Argument$xxxxxpredictiveLow
134Argument$xxxxxx.xxxxxxxxpredictiveHigh
135Argumentxxxxxx-xxxxxxxxpredictiveHigh
136ArgumentxxxxxxxxxxxpredictiveMedium
137ArgumentxxxpredictiveLow
138ArgumentxxxxpredictiveLow
139Argumentxxxxxxx_xxxxpredictiveMedium
140Argumentxxxxxx.xxxx[]/xxxxxx.xxxxx[]predictiveHigh
141ArgumentxxxxxxpredictiveLow
142Argumentxxxxxxxxx/xxx-xxxxxxpredictiveHigh
143ArgumentxxxxxpredictiveLow
144ArgumentxxxxxxxxpredictiveMedium
145ArgumentxxxxxxxxpredictiveMedium
146Argumentxxxxxx_xxxpredictiveMedium
147Argumentxxxxxx_xxxxxxpredictiveHigh
148Argumentxxxx_xxxxxxxxpredictiveHigh
149ArgumentxxpredictiveLow
150Argumentxx_xxxxx_xxxxxxxxxxpredictiveHigh
151ArgumentxxxxpredictiveLow
152Argumentxx-xpredictiveLow
153ArgumentxxxxxpredictiveLow
154ArgumentxxxxxpredictiveLow
155ArgumentxxxxxxpredictiveLow
156Argumentx_xxxxpredictiveLow
157ArgumentxxxxxxxxxxpredictiveMedium
158ArgumentxxxxxxxxxpredictiveMedium
159ArgumentxxxxxxxxxxxpredictiveMedium
160Argumentx_xx_x_xpredictiveMedium
161ArgumentxxxxxpredictiveLow
162Argumentxxxxx_xxxxxxpredictiveMedium
163ArgumentxxxxxxxxpredictiveMedium
164Argumentxxxxxx_xxxxpredictiveMedium
165ArgumentxxxpredictiveLow
166ArgumentxxxxxxxxxxxxpredictiveMedium
167Argumentxxxxxx/xxxxxx/xxxpredictiveHigh
168ArgumentxxxxxxxpredictiveLow
169Argumentxxxxxxx/xx/xxxxxxxxxxx/xxxx_xxpredictiveHigh
170ArgumentxxxxxxxxpredictiveMedium
171Argumentxxxxxx_xxxxpredictiveMedium
172ArgumentxxxpredictiveLow
173Argumentxxxx_xxxxxxxxpredictiveHigh
174Argumentxxxxxx xxxxx xxpredictiveHigh
175Argumentxxxxxx xxxxxxxpredictiveHigh
176ArgumentxxxxxxxxxxpredictiveMedium
177ArgumentxxxxxxxxxxxpredictiveMedium
178ArgumentxxxxxpredictiveLow
179ArgumentxxxpredictiveLow
180ArgumentxxxpredictiveLow
181Argumentxxxx-xxxxxpredictiveMedium
182ArgumentxxxxxxxxpredictiveMedium
183Input Value..predictiveLow
184Input Value../predictiveLow
185Input Value/../predictiveLow
186Input Valuexxx.xxxx.%xxx.%xxxpredictiveHigh
187Input ValuexxxxxxxxpredictiveMedium
188Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
189Input Value{"x":(xxxxxxxx(){xxxxxxx(x)})()}predictiveHigh
190Pattern|xx|xx|xx|predictiveMedium
191Pattern|xx xx xx xx xx|predictiveHigh
192Network Portxxx xxxxxpredictiveMedium
193Network Portxxxxxxxxxx xxxxxxxpredictiveHigh
194Network Portxxx/xxxxpredictiveMedium
195Network Portxxx/xxxxpredictiveMedium
196Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!