TheMoon Analysis

IOB - Indicator of Behavior (167)

Timeline

Language

en: 140
zh: 10
sv: 6
de: 4
es: 4

Country

us: 160
se: 6
ro: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 10
Kingsoft WPS Office: 4
Cisco IOS: 4
Palo Alto PAN-OS: 4
Sonus SBC 1000: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.30 | CVE-2020-15906
2 | SonicWALL SMA100 libSys.so memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00343 | 0.03 | CVE-2019-7482
3 | Juniper Junos SRX ICAP Redirect Service memory corruption | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00932 | 0.00 | CVE-2020-1647
4 | Espruino jsvar.c jsvNewFromString memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2022-25044
5 | Sophos Cyberoam Firewall SSL VPN Console privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00642 | 0.03 | CVE-2019-17059
6 | VMware Tools race condition | 7.7 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2020-3941
7 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055
8 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2017-15346
9 | Guo Xu Guos Posting System print.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02272 | 0.00 | CVE-2007-0554
10 | WiX Toolset Installer Temp privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-29187
11 | Microsoft Windows privilege escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00054 | 0.04 | CVE-2023-36802
12 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.06 | CVE-2022-24785
13 | Qualiteam X-Cart home.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01012 | 0.00 | CVE-2005-1822
14 | SourceCodester Online Eyewear Shop SQL injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.07 | CVE-2023-0673
15 | SourceCodester Online Food Ordering System manage_user.php SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00531 | 0.06 | CVE-2023-0332
16 | lirantal daloradius privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.05 | CVE-2023-0046
17 | SnakeYAML YAML File memory corruption | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00152 | 0.03 | CVE-2022-41854
18 | Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.03 | CVE-2018-11541
19 | Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface directory traversal | 6.4 | 6.4 | $0-$5k | calculating | Not Defined | Not Defined | 0.00172 | 0.02 | CVE-2018-11543
20 | XenForo Admin Panel cross-site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-43032

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /bin/webserver | predictive | high
2 | File | /cgi-bin/hi3510/param.cgi | predictive | high
3 | File | /cgi-bin/user/Config.cgi | predictive | high
4 | File | /forum/away.php | predictive | high
5 | File | /htsrv/call_plugin.php | predictive | high
6 | File | /uncpath/ | predictive | medium
7 | File | /var/avamar/f_cache.dat | predictive | high
8 | File | /webmail/ | predictive | medium
9 | File | admin.asp | predictive | medium
10 | File | xxxxx.xxx?xxxxxx=xxxxxxxx | predictive | high
11 | File | xxxxx/xxxxxx_xxxx.xxx | predictive | high
12 | File | xxxxx/xxxxxxxxx.xxx | predictive | high
13 | File | xxxxxxx.xxx | predictive | medium
14 | File | xxxxxx-xxxxxxxxx.xxx | predictive | high
15 | File | x:\xxxxxxx\xxxx | predictive | high
16 | File | xxxxxx.xxx | predictive | medium
17 | File | x_xxxxxx | predictive | medium
18 | File | xxxxxxx.xxxxx.xxx | predictive | high
19 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x | predictive | high
20 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | high
21 | File | xx-xxxxxxx/xxxxxxx | predictive | high
22 | File | xxxxxxx.xxx | predictive | medium
23 | File | xxxx.xxx | predictive | medium
24 | File | xxxxx.xxx | predictive | medium
25 | File | xxxxx.xxx | predictive | medium
26 | File | xxxxxx/xxxxxx.x | predictive | high
27 | File | xxxxxx.xx | predictive | medium
28 | File | xxxxxxxxxxxxx.xxx | predictive | high
29 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | predictive | high
30 | File | xxx/xxxx/xxx_xxxxxx.x | predictive | high
31 | File | xxx/xxxxx | predictive | medium
32 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | high
33 | File | xxxx/?x=xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | high
34 | File | xxxx/xxxxxxxx/xxxx_xxxxxxx.xxx | predictive | high
35 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high
36 | File | xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx | predictive | high
37 | File | xxxxx.xxx | predictive | medium
38 | File | xxxxxxxxx.xxx | predictive | high
39 | File | xxx/xxxxx.x | predictive | medium
40 | File | xxxxxxx/xxxxx.xxx | predictive | high
41 | File | xxx.xxx | predictive | low
42 | File | xxxx-xxxxx.xxx | predictive | high
43 | File | xx-xxxxxxxxx.xxx | predictive | high
44 | File | xxxxxxxxxx.xxx | predictive | high
45 | Library | xx/xxx/xxxx_xxxxxx.xxx | predictive | high
46 | Library | xxxxxxxxxxxxxxx.xxx | predictive | high
47 | Library | xxxx.xxx.xxx | predictive | medium
48 | Argument | xxx_xxxxx_xxxx | predictive | high
49 | Argument | xxxxxxxxxxx | predictive | medium
50 | Argument | xxxxxxx | predictive | low
51 | Argument | xxxxx | predictive | low
52 | Argument | xxxx | predictive | low
53 | Argument | xxxxxxx | predictive | low
54 | Argument | xx | predictive | low
55 | Argument | xxxxxxxx | predictive | medium
56 | Argument | xxxx | predictive | low
57 | Argument | x_x_x | predictive | low
58 | Argument | xxxxxxxxxxxxx xx | predictive | high
59 | Argument | xxxx_xxx | predictive | medium
60 | Argument | xxx | predictive | low
61 | Argument | xxxxxxx | predictive | low
62 | Argument | xxxxxxxxx | predictive | medium
63 | Argument | xxxxxxx | predictive | low
64 | Argument | xx_xx | predictive | low
65 | Argument | xxxx | predictive | low
66 | Argument | xxxxxxxx | predictive | medium
67 | Argument | xxx_xxxxxxxxxxxx_xxx | predictive | high
68 | Argument | x-xxx-xx-xx | predictive | medium
69 | Input Value | .. | predictive | low
70 | Input Value | ../ | predictive | low
71 | Input Value | /xxxxxx&xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | high
72 | Input Value | <xxx xxx="xxxx://x"; xx xxxxxxx="$(’x').xxxx(’xxxxxx’)" /> | predictive | high
73 | Network Port | xxx/xxx, xxx/xxx, xxx/xxxx, xxx/xxxx | predictive | high
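The un-masked File and Input Value fragments in the table above can be applied directly to web-server access logs. The following is an added example, not code from this page or from any vendor product: it loads those fragments into a small scanner, percent-decodes each request path so encoded traversal is not missed, and runs over constructed sample log lines. The log format (combined log format), the client IP addresses and the request lines are assumptions made for the example.

```python
"""Scan web-server access-log lines for the un-masked IOA fragments above.

Added example. Indicators are copied from the IOA table on this page;
the log lines below are constructed for the example, not real traffic.
"""
import re
from urllib.parse import unquote

# Un-masked File indicators from the IOA table. The x-masked rows carry
# no usable value and are left out.
IOA_FILES = [
    "/bin/webserver",
    "/cgi-bin/hi3510/param.cgi",
    "/cgi-bin/user/Config.cgi",
    "/forum/away.php",
    "/htsrv/call_plugin.php",
    "/uncpath/",
    "/var/avamar/f_cache.dat",
    "/webmail/",
    "admin.asp",
]

# Un-masked Input Value indicators (directory-traversal fragments).
IOA_INPUT_VALUES = ["..", "../"]

# Combined log format (assumed): client, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def match_line(line):
    """Return a list of (indicator_class, indicator) hits for one log line.

    The request path is percent-decoded before matching so that an encoded
    '..%2F' is caught by the plain '../' fragment. File indicators are
    matched case-insensitively; traversal fragments are matched as-is.
    """
    m = LOG_RE.match(line)
    if not m:
        return []
    path = unquote(m.group(3))
    lower = path.lower()
    hits = []
    for f in IOA_FILES:
        if f.lower() in lower:
            hits.append(("File", f))
    # '..' is a substring of '../'; report only the most specific fragment.
    for v in sorted(IOA_INPUT_VALUES, key=len, reverse=True):
        if v in path:
            hits.append(("Input Value", v))
            break
    return hits


def scan(lines):
    """Return {client_ip: [(class, indicator), ...]} for lines with any hit."""
    out = {}
    for line in lines:
        hits = match_line(line)
        if hits:
            client = LOG_RE.match(line).group(1)
            out.setdefault(client, []).extend(hits)
    return out


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /forum/away.php?s=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210',
    '198.51.100.3 - - [10/Mar/2024:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.9 - - [10/Mar/2024:12:00:04 +0000] "POST /admin.asp HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

Two caveats a practitioner should keep in mind when using this. First, every row in the table is typed "predictive", so a hit is a triage signal that the traffic resembles what the model associates with this actor, not confirmation of TheMoon activity; correlate it with the IOC and TTP data before escalating. Second, the short fragments (".." and "/uncpath/", and to a lesser degree "/webmail/" and "admin.asp") will match benign traffic on busy sites, so weight the longer, higher-confidence paths such as /cgi-bin/hi3510/param.cgi more heavily, and always decode the request before matching, as the scanner does, or encoded traversal slips past the plain-text fragment.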

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
