Moon Analysis

IOB - Indicator of Behavior (1000)

Language

- en: 928
- de: 34
- fr: 30
- es: 4
- it: 2

Country/Region

- de: 34
- fr: 28
- gb: 20
- ru: 4
- es: 4

Products

- Microsoft Windows: 24
- Juniper Junos: 24
- Linux Kernel: 22
- Google Android: 16
- IBM AIX: 16

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055 |
| 2 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.45 | CVE-2014-4078 |
| 3 | IBM Cognos Disclosure Management EdrawSoft ActiveX Component privilege escalation | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00452 | 0.00 | CVE-2013-0501 |
| 4 | VMware vSphere Client Certificate weak encryption | 4.8 | 4.2 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00059 | 0.00 | CVE-2014-1210 |
| 5 | Cisco IOS Service Module privilege escalation | 7.8 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.00 | CVE-2013-5522 |
| 6 | Sun Solaris tcsh Remote Code Execution | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00122 | 0.00 | CVE-2003-1024 |
| 7 | IBM Cognos TM1 API denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00228 | 0.00 | CVE-2013-0484 |
| 8 | IBM AIX TLS privilege escalation | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00368 | 0.02 | CVE-2016-0266 |
| 9 | Automatedsolutions Modbus/TCP Master OPC Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.68790 | 0.04 | CVE-2010-4709 |
| 10 | Microsoft MS-DOS/Windows Carbon Copy 32 information disclosure | 3.3 | 3.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 11 | IBM Tivoli Monitoring Express Enterprise Portal kde.dll memory corruption | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.90916 | 0.00 | CVE-2007-2137 |
| 12 | Cisco Call Manager cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00249 | 0.00 | CVE-2007-4633 |
| 13 | Asterisk PBX res_http_websocket.so denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61746 | 0.03 | CVE-2018-17281 |
| 14 | Red Hat Enterprise Linux Desktop 389 Directory Server Password information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00647 | 0.00 | CVE-2016-5405 |
| 15 | IBM AIX rmsock Kernel information disclosure | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.03 | CVE-2018-1655 |
| 16 | Citrix Receiver Desktop Lock Screen Lock privilege escalation | 6.8 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00419 | 0.05 | CVE-2016-9111 |
| 17 | IBM Cognos TM1 admin privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.00 | CVE-2016-0381 |
| 18 | Juniper Junos srxpfe denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.02 | CVE-2019-0052 |
| 19 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96843 | 0.05 | CVE-2010-3972 |
| 20 | Microsoft Internet Explorer memory corruption | 6.9 | 6.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.09181 | 0.05 | CVE-2014-8985 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (196)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/appLms/ajax.server.php` | predictive | |
| 2 | File | `/config/pw_changeusers.html` | predictive | |
| 3 | File | `/dev/dri/card1` | predictive | |
| 4 | File | `/etc/cmh/cmh.conf` | predictive | |
| 5 | File | `/etc/shadow` | predictive | |
| 6 | File | `/includes/plugins/mobile/scripts/login.php` | predictive | |
| 7 | File | `/monitor/data/Upgrade/` | predictive | |
| 8 | File | `/port_3480` | predictive | |
| 9 | File | `/proc/kcore/` | predictive | |
| 10 | File | `/Site/Troubleshooting/DiagnosticReport.asp` | predictive | |
| 11 | File | `/systemlog.log` | predictive | |
| 12 | File | `/tmp` | predictive | |
| 13 | File | `/uncpath/` | predictive | |
| 14 | File | `admin/src/containers/InputModalStepperProvider/index.js` | predictive | |
| 15 | File | `admin\db\DoSql.php` | predictive | |
| 16 | File | `admsession.php` | predictive | |
| 17 | File | `apcupsd_status.php` | predictive | |
| 18 | File | `AppOpsService.java` | predictive | |
| 19 | File | `app\contacts\contact_addresses.php` | predictive | |
| 20 | File | `app\contacts\contact_edit.php` | predictive | |
| 21 | File | `app\messages\messages_thread.php` | predictive | |
| 22 | File | `arch/powerpc/mm/mmu_context_book3s64.c` | predictive | |
| 23 | File | `BaseWidgetProvider.java` | predictive | |
| 183 | Input Value | `..` | predictive | |
| 184 | Input Value | `../` | predictive | |
| 185 | Input Value | `/../` | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
