Moon Analysis

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 918
de: 40
fr: 26
es: 10
pl: 4

Country

de: 40
fr: 24
gb: 20
es: 10
pl: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 24
Juniper Junos: 24
Microsoft Windows: 22
Google Android: 14
Apple iOS: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 2 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.12 | 0.00817 | CVE-2014-4078 |
| 3 | IBM Cognos Disclosure Management EdrawSoft ActiveX Component privilege escalation | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00452 | CVE-2013-0501 |
| 4 | VMware vSphere Client Certificate weak encryption | 4.8 | 4.2 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00059 | CVE-2014-1210 |
| 5 | Cisco IOS Service Module privilege escalation | 7.8 | 7.0 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00042 | CVE-2013-5522 |
| 6 | Sun Solaris tcsh Remote Code Execution | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00122 | CVE-2003-1024 |
| 7 | IBM Cognos TM1 API denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00228 | CVE-2013-0484 |
| 8 | IBM AIX TLS privilege escalation | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00368 | CVE-2016-0266 |
| 9 | Automatedsolutions Modbus/TCP Master OPC Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.68790 | CVE-2010-4709 |
| 10 | Microsoft MS-DOS/Windows Carbon Copy 32 information disclosure | 3.3 | 3.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 11 | IBM Tivoli Monitoring Express Enterprise Portal kde.dll memory corruption | 10.0 | 9.0 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.90916 | CVE-2007-2137 |
| 12 | Cisco Call Manager cross site scripting | 4.3 | 3.9 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00257 | CVE-2007-4633 |
| 13 | Asterisk PBX res_http_websocket.so denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.61746 | CVE-2018-17281 |
| 14 | Red Hat Enterprise Linux Desktop 389 Directory Server Password information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00647 | CVE-2016-5405 |
| 15 | IBM AIX rmsock Kernel information disclosure | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2018-1655 |
| 16 | Citrix Receiver Desktop Lock Screen Lock privilege escalation | 6.8 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00419 | CVE-2016-9111 |
| 17 | IBM Cognos TM1 admin privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2016-0381 |
| 18 | Juniper Junos srxpfe denial of service | 6.8 | 6.7 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2019-0052 |
| 19 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.07 | 0.96872 | CVE-2010-3972 |
| 20 | Microsoft Internet Explorer memory corruption | 6.9 | 6.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.09181 | CVE-2014-8985 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | high |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | high |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | high |
| 5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | high |
| 6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | high |
| 8 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high |
| 9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high |
| 10 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high |
| 11 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | high |
| 12 | TXXXX | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive | high |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | high |
| 14 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high |
| 15 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | high |
| 16 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high |
| 17 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high |
| 18 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high |
| 19 | TXXXX.XXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | high |
| 20 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | high |

IOA - Indicator of Attack (196)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /appLms/ajax.server.php | predictive | high |
| 2 | File | /config/pw_changeusers.html | predictive | high |
| 3 | File | /dev/dri/card1 | predictive | high |
| 4 | File | /etc/cmh/cmh.conf | predictive | high |
| 5 | File | /etc/shadow | predictive | medium |
| 6 | File | /includes/plugins/mobile/scripts/login.php | predictive | high |
| 7 | File | /monitor/data/Upgrade/ | predictive | high |
| 8 | File | /port_3480 | predictive | medium |
| 9 | File | /proc/kcore/ | predictive | medium |
| 10 | File | /Site/Troubleshooting/DiagnosticReport.asp | predictive | high |
| 11 | File | /systemlog.log | predictive | high |
| 12 | File | /tmp | predictive | low |
| 13 | File | /uncpath/ | predictive | medium |
| 14 | File | admin/src/containers/InputModalStepperProvider/index.js | predictive | high |
| 15 | File | admin\db\DoSql.php | predictive | high |
| 16 | File | admsession.php | predictive | high |
| 17 | File | apcupsd_status.php | predictive | high |
| 18 | File | AppOpsService.java | predictive | high |
| 19 | File | app\contacts\contact_addresses.php | predictive | high |
| 20 | File | app\contacts\contact_edit.php | predictive | high |
| 21 | File | app\messages\messages_thread.php | predictive | high |
| 22 | File | arch/powerpc/mm/mmu_context_book3s64.c | predictive | high |
| 23 | File | BaseWidgetProvider.java | predictive | high |
| 24 | File | xxxxxx/xxxxxxx.x | predictive | high |
| 25 | File | xxxxxx.x | predictive | medium |
| 26 | File | xxxxxxxxxxxxx.xxxxx.xxx | predictive | high |
| 27 | File | xxxx.xxx | predictive | medium |
| 28 | File | xxxxxxxxx/xxxxxxxxxx/xxxxxx | predictive | high |
| 29 | File | xxxxxx/xx_xxxx.xxxx | predictive | high |
| 30 | File | xxxxxxx.xxx | predictive | medium |
| 31 | File | xxxx/xxxxxxxxxxxx.xxxxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 32 | File | xxxxxxxx.x | predictive | medium |
| 33 | File | xxxxxxx.xxx | predictive | medium |
| 34 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 35 | File | xxxx_xxxxxxx.xxx | predictive | high |
| 36 | File | xxx/xxxxxxx.xxx | predictive | high |
| 37 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | high |
| 38 | File | xxxxxxx/xxx/xxxxxx/xxxxxx.x | predictive | high |
| 39 | File | xxxxxxx/xxxxx/xx-xxxxxxx.x | predictive | high |
| 40 | File | xxxxxxx/xxx/xxx/xxx/xxxx_xxx.x | predictive | high |
| 41 | File | xxxxxxx/xxx/xxx/xxx/xxxx_xxx/xxxx_xxx_xxx.x | predictive | high |
| 42 | File | xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x | predictive | high |
| 43 | File | xxxxxxx/xxx/xxxxx/xxx.x | predictive | high |
| 44 | File | xxxxxxx/xxx/xxxxx/xxx-xxx.x | predictive | high |
| 45 | File | xxxxxxx/xxx/xxxx/xxxx.x | predictive | high |
| 46 | File | xxxxxxx/xxx/xxxx/xxxxxx.x | predictive | high |
| 47 | File | xxxxxxx/xxx/xxxx/xxxxxxxxx.x | predictive | high |
| 48 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive | high |
| 49 | File | xxxxxxxx.xxx | predictive | medium |
| 50 | File | xxxxxxxxxxxx.xxx | predictive | high |
| 51 | File | xxx_xxxxxxxx.xx | predictive | high |
| 52 | File | xxxx_xxxxxxxxx.x | predictive | high |
| 53 | File | xxxx/xxxxxxxxxx.xx | predictive | high |
| 54 | File | xxxxxxxx/xxxxxxx.x | predictive | high |
| 55 | File | xx/xxxxx/xxxxx-xxxxxx.x | predictive | high |
| 56 | File | xx/xxxxx/xxxxxx.x | predictive | high |
| 57 | File | xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx | predictive | high |
| 58 | File | xxxxxxxx_xxxxxx.xx | predictive | high |
| 59 | File | xxx_xxxx.xx | predictive | medium |
| 60 | File | xxx_xxxxxx.xxx | predictive | high |
| 61 | File | xxxx/xxxxx/xx/xxxxx | predictive | high |
| 62 | File | xx/xxxxxxx/xxxxxx_xxx.x | predictive | high |
| 63 | File | xx/xxxx/xxx_xxxxxx.x | predictive | high |
| 64 | File | xx/xxx/xxx-xxxx.x | predictive | high |
| 65 | File | xx/xxxxxx/xxxxxx.x | predictive | high |
| 66 | File | xxxxxxxx-xxxxx-xxxxxxxx.x | predictive | high |
| 67 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx | predictive | high |
| 68 | File | xxxxx.xxx | predictive | medium |
| 69 | File | xxxxx.xxx?x=xxxxxx-xxxxxx | predictive | high |
| 70 | File | xxxxxx/xxxxxxx/xxxxx.x | predictive | high |
| 71 | File | xxxxxx/xxxxx.x | predictive | high |
| 72 | File | xxxx/xxx/x/xxx_xxxxxx.x | predictive | high |
| 73 | File | xxxx/xxx/x/xxx_xxxx.x | predictive | high |
| 74 | File | xxxxxx.x | predictive | medium |
| 75 | File | xxxxx.xxxx | predictive | medium |
| 76 | File | xxxx.xxx.xxx | predictive | medium |
| 77 | File | xxxx.xxx | predictive | medium |
| 78 | File | xxxx.xxx?x=xxxxx | predictive | high |
| 79 | File | xxxx.xxx?x=xxxxx | predictive | high |
| 80 | File | xxxx.xxx?x=xxxxx&xxxx=x | predictive | high |
| 81 | File | xxxxxxx.x | predictive | medium |
| 82 | File | xx_xxxx.x | predictive | medium |
| 83 | File | xxxxxx/xxxxx.xxx | predictive | high |
| 84 | File | xxxxxxxx.x | predictive | medium |
| 85 | File | xxxxxxxxx.xxx | predictive | high |
| 86 | File | xxxxxxx.xxx | predictive | medium |
| 87 | File | xxx_xx_xxx.xx | predictive | high |
| 88 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 89 | File | xxx_xxxxxx.xxxx | predictive | high |
| 90 | File | xxxxx.xxx | predictive | medium |
| 91 | File | xxxxxxxxxxx.xxx | predictive | high |
| 92 | File | xxxxxxxxxxxxxx.xxx | predictive | high |
| 93 | File | xxxxxxxxxx.xxx | predictive | high |
| 94 | File | xxxxxxxxxxxxxx.xxx | predictive | high |
| 95 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | high |
| 96 | File | xxxxx_xxx.xxx | predictive | high |
| 97 | File | xxxxxx/xxx_xxxxxxx.xxx | predictive | high |
| 98 | File | xxxxx.xxx | predictive | medium |
| 99 | File | xxxxx.xx | predictive | medium |
| 100 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 101 | File | xxxxx.xx | predictive | medium |
| 102 | File | xxx/xxx_xxx_xxxxxxxx.x | predictive | high |
| 103 | File | xxx_xxxx_xxxxxxxxx.xx | predictive | high |
| 104 | File | xxx.x | predictive | low |
| 105 | File | xxxxxxxx/xxxx/xxxxxx.x | predictive | high |
| 106 | File | xxxxxx_xxxxxxxx.xxx | predictive | high |
| 107 | File | xxxxxx_xxxxxxxxx.xxx | predictive | high |
| 108 | File | xxxxxxxxxx.xxx | predictive | high |
| 109 | File | xxxxx/xxxx/xxx_xxxxxx.x | predictive | high |
| 110 | File | xxxxxx.xxx | predictive | medium |
| 111 | File | xxxxxxxxxx/xxxxxx_xxxxxxxx_xxxxxxx_xxxxxxx_xxxxxxx_xxxxxxxx.xxx | predictive | high |
| 112 | File | xxxxxxxxxxxxxx.xxxxxxx.xxxxxxx.xxx | predictive | high |
| 113 | File | xxxxxx.xxx | predictive | medium |
| 114 | File | xxxx.x | predictive | low |
| 115 | File | xxxxxxxxx.x | predictive | medium |
| 116 | File | xxxxxxx.xxx | predictive | medium |
| 117 | File | xx/xxxxxx/xxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 118 | File | xxx_xxxxxx.x | predictive | medium |
| 119 | File | xxxxxxxxxx_xxxxxxxxx.xxx | predictive | high |
| 120 | File | xxx_xxxxxxxxx.x | predictive | high |
| 121 | File | xxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 122 | File | xxx/xxxxxxx/xxxx/xxxx/xxxx.xxx | predictive | high |
| 123 | File | xxxx/xxxx_xxxxxxxxx.x | predictive | high |
| 124 | Library | xxxxxx.xxx | predictive | medium |
| 125 | Library | xxxxxx.xxx | predictive | medium |
| 126 | Library | xxxxxxxxx.xxx | predictive | high |
| 127 | Library | xxx.xxx | predictive | low |
| 128 | Library | xxxxxx.xxx | predictive | medium |
| 129 | Library | xxxxxxx.xxx | predictive | medium |
| 130 | Library | xxxxxxxxxxxx.xxxxxx.xxx | predictive | high |
| 131 | Library | xxxxxxx.xxx | predictive | medium |
| 132 | Library | xxxxxx.xxx | predictive | medium |
| 133 | Argument | $xxxxx | predictive | low |
| 134 | Argument | $xxxxxx.xxxxxxxx | predictive | high |
| 135 | Argument | xxxxxx-xxxxxxxx | predictive | high |
| 136 | Argument | xxxxxxxxxxx | predictive | medium |
| 137 | Argument | xxx | predictive | low |
| 138 | Argument | xxxx | predictive | low |
| 139 | Argument | xxxxxxx_xxxx | predictive | medium |
| 140 | Argument | xxxxxx.xxxx[]/xxxxxx.xxxxx[] | predictive | high |
| 141 | Argument | xxxxxx | predictive | low |
| 142 | Argument | xxxxxxxxx/xxx-xxxxxx | predictive | high |
| 143 | Argument | xxxxx | predictive | low |
| 144 | Argument | xxxxxxxx | predictive | medium |
| 145 | Argument | xxxxxxxx | predictive | medium |
| 146 | Argument | xxxxxx_xxx | predictive | medium |
| 147 | Argument | xxxxxx_xxxxxx | predictive | high |
| 148 | Argument | xxxx_xxxxxxxx | predictive | high |
| 149 | Argument | xx | predictive | low |
| 150 | Argument | xx_xxxxx_xxxxxxxxxx | predictive | high |
| 151 | Argument | xxxx | predictive | low |
| 152 | Argument | xx-x | predictive | low |
| 153 | Argument | xxxxx | predictive | low |
| 154 | Argument | xxxxx | predictive | low |
| 155 | Argument | xxxxxx | predictive | low |
| 156 | Argument | x_xxxx | predictive | low |
| 157 | Argument | xxxxxxxxxx | predictive | medium |
| 158 | Argument | xxxxxxxxx | predictive | medium |
| 159 | Argument | xxxxxxxxxxx | predictive | medium |
| 160 | Argument | x_xx_x_x | predictive | medium |
| 161 | Argument | xxxxx | predictive | low |
| 162 | Argument | xxxxx_xxxxxx | predictive | medium |
| 163 | Argument | xxxxxxxx | predictive | medium |
| 164 | Argument | xxxxxx_xxxx | predictive | medium |
| 165 | Argument | xxx | predictive | low |
| 166 | Argument | xxxxxxxxxxxx | predictive | medium |
| 167 | Argument | xxxxxx/xxxxxx/xxx | predictive | high |
| 168 | Argument | xxxxxxx | predictive | low |
| 169 | Argument | xxxxxxx/xx/xxxxxxxxxxx/xxxx_xx | predictive | high |
| 170 | Argument | xxxxxxxx | predictive | medium |
| 171 | Argument | xxxxxx_xxxx | predictive | medium |
| 172 | Argument | xxx | predictive | low |
| 173 | Argument | xxxx_xxxxxxxx | predictive | high |
| 174 | Argument | xxxxxx xxxxx xx | predictive | high |
| 175 | Argument | xxxxxx xxxxxxx | predictive | high |
| 176 | Argument | xxxxxxxxxx | predictive | medium |
| 177 | Argument | xxxxxxxxxxx | predictive | medium |
| 178 | Argument | xxxxx | predictive | low |
| 179 | Argument | xxx | predictive | low |
| 180 | Argument | xxx | predictive | low |
| 181 | Argument | xxxx-xxxxx | predictive | medium |
| 182 | Argument | xxxxxxxx | predictive | medium |
| 183 | Input Value | .. | predictive | low |
| 184 | Input Value | ../ | predictive | low |
| 185 | Input Value | /../ | predictive | low |
| 186 | Input Value | xxx.xxxx.%xxx.%xxx | predictive | high |
| 187 | Input Value | xxxxxxxx | predictive | medium |
| 188 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | high |
| 189 | Input Value | {"x":(xxxxxxxx(){xxxxxxx(x)})()} | predictive | high |
| 190 | Pattern | \|xx\|xx\|xx\| | predictive | medium |
| 191 | Pattern | \|xx xx xx xx xx\| | predictive | high |
| 192 | Network Port | xxx xxxxx | predictive | medium |
| 193 | Network Port | xxxxxxxxxx xxxxxxx | predictive | high |
| 194 | Network Port | xxx/xxxx | predictive | medium |
| 195 | Network Port | xxx/xxxx | predictive | medium |
| 196 | Network Port | xxx xxxxxx xxxx | predictive | high |

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
