TheMoon Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (167)

Język

en	140
zh	10
ru	6
sv	6
de	2

Kraj

us	162
se	2
ro	2
cn	2

Aktorzy

TheMoon	4
Royal	1
Mirai	1

Wysiłek

Rodzaj

Not Defined	60
Operating System	24
Content Management System	18
Web Server	8
Firewall Software	8

Sprzedawca

Not Defined	52
Microsoft	14
Linux	8
Acme	6
F5	6

Produkt

Microsoft Windows	12
WordPress	8
Linux Kernel	8
Acme Mini HTTPd	4
F5 BIG-IP	4

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Tiki Admin Password tiki-login.php weak authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.29	CVE-2020-15906
2	SonicWALL SMA100 libSys.so memory corruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00343	0.03	CVE-2019-7482
3	Juniper Junos SRX ICAP Redirect Service memory corruption	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00932	0.00	CVE-2020-1647
4	Espruino jsvar.c jsvNewFromString memory corruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2022-25044
5	Sophos Cyberoam Firewall SSL VPN Console privilege escalation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00642	0.03	CVE-2019-17059
6	VMware Tools race condition	7.7	7.7	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2020-3941
7	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.06	CVE-2017-0055
8	Huawei SXXXX XML Parser privilege escalation	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
9	Guo Xu Guos Posting System print.asp sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02272	0.00	CVE-2007-0554
10	WiX Toolset Installer Temp privilege escalation	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2024-29187
11	Microsoft Windows Privilege Escalation	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.00054	0.04	CVE-2023-36802
12	Moment.js directory traversal	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.06	CVE-2022-24785
13	Qualiteam X-Cart home.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01012	0.00	CVE-2005-1822
14	SourceCodester Online Eyewear Shop sql injection	7.1	7.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.07	CVE-2023-0673
15	SourceCodester Online Food Ordering System manage_user.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00531	0.06	CVE-2023-0332
16	lirantal daloradius Privilege Escalation	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.05	CVE-2023-0046
17	SnakeYAML YAML File memory corruption	3.1	3.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00152	0.03	CVE-2022-41854
18	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface privilege escalation	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00245	0.03	CVE-2018-11541
19	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface directory traversal	6.4	6.4	$0-$5k	Obliczenie	Not Defined	Not Defined	0.00172	0.02	CVE-2018-11543
20	XenForo Admin Panel cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.03	CVE-2021-43032

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	45.143.201.87	colo21.ntup.net	TheMoon	2024-03-27	verified	Wysoki
2	91.215.158.0		TheMoon	2024-03-27	verified	Wysoki
3	XXX.XXX.X.XXX	xxxxxxxx.xx-xxx-xxx-x.xx	Xxxxxxx	2024-03-27	verified	Wysoki
4	XXX.XXX.XX.XX	xxxxxxxx.xx-xxx-xxx-xx.xx	Xxxxxxx	2024-03-27	verified	Wysoki
5	XXX.XXX.XX.X		Xxxxxxx	2024-03-27	verified	Wysoki
6	XXX.XXX.XX.XX	xxxx.xxxxxxxxxxxx.xxx.xx	Xxxxxxx	2024-03-27	verified	Wysoki
7	XXX.XXX.XX.XX	xxxxxxxx.xx-xxx-xxx-xx.xx	Xxxxxxx	2024-03-27	verified	Wysoki
8	XXX.XXX.XXX.X		Xxxxxxx	2024-03-27	verified	Wysoki
9	XXX.X.XXX.XX		Xxxxxxx	2024-03-27	verified	Wysoki

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Wysoki
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
10	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
11	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
13	TXXXX	CAPEC-20	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/bin/webserver	predictive	Wysoki
2	File	/cgi-bin/hi3510/param.cgi	predictive	Wysoki
3	File	/cgi-bin/user/Config.cgi	predictive	Wysoki
4	File	/forum/away.php	predictive	Wysoki
5	File	/htsrv/call_plugin.php	predictive	Wysoki
6	File	/uncpath/	predictive	Medium
7	File	/var/avamar/f_cache.dat	predictive	Wysoki
8	File	/webmail/	predictive	Medium
9	File	admin.asp	predictive	Medium
10	File	xxxxx.xxx?xxxxxx=xxxxxxxx	predictive	Wysoki
11	File	xxxxx/xxxxxx_xxxx.xxx	predictive	Wysoki
12	File	xxxxx/xxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxxxx-xxxxxxxxx.xxx	predictive	Wysoki
15	File	x:\xxxxxxx\xxxx	predictive	Wysoki
16	File	xxxxxx.xxx	predictive	Medium
17	File	x_xxxxxx	predictive	Medium
18	File	xxxxxxx.xxxxx.xxx	predictive	Wysoki
19	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x	predictive	Wysoki
20	File	xxxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
21	File	xx-xxxxxxx/xxxxxxx	predictive	Wysoki
22	File	xxxxxxx.xxx	predictive	Medium
23	File	xxxx.xxx	predictive	Medium
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxx.xxx	predictive	Medium
26	File	xxxxxx/xxxxxx.x	predictive	Wysoki
27	File	xxxxxx.xx	predictive	Medium
28	File	xxxxxxxxxxxxx.xxx	predictive	Wysoki
29	File	xxx/xxxxxxxxx/xxxxx_xxxx.x	predictive	Wysoki
30	File	xxx/xxxx/xxx_xxxxxx.x	predictive	Wysoki
31	File	xxx/xxxxx	predictive	Medium
32	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Wysoki
33	File	xxxx/?x=xxxxxxxx/xxxx_xxxxxxx.xxx	predictive	Wysoki
34	File	xxxx/xxxxxxxx/xxxx_xxxxxxx.xxx	predictive	Wysoki
35	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Wysoki
36	File	xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx	predictive	Wysoki
37	File	xxxxx.xxx	predictive	Medium
38	File	xxxxxxxxx.xxx	predictive	Wysoki
39	File	xxx/xxxxx.x	predictive	Medium
40	File	xxxxxxx/xxxxx.xxx	predictive	Wysoki
41	File	xxx.xxx	predictive	Niski
42	File	xxxx-xxxxx.xxx	predictive	Wysoki
43	File	xx-xxxxxxxxx.xxx	predictive	Wysoki
44	File	xxxxxxxxxx.xxx	predictive	Wysoki
45	Library	xx/xxx/xxxx_xxxxxx.xxx	predictive	Wysoki
46	Library	xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
47	Library	xxxx.xxx.xxx	predictive	Medium
48	Argument	xxx_xxxxx_xxxx	predictive	Wysoki
49	Argument	xxxxxxxxxxx	predictive	Medium
50	Argument	xxxxxxx	predictive	Niski
51	Argument	xxxxx	predictive	Niski
52	Argument	xxxx	predictive	Niski
53	Argument	xxxxxxx	predictive	Niski
54	Argument	xx	predictive	Niski
55	Argument	xxxxxxxx	predictive	Medium
56	Argument	xxxx	predictive	Niski
57	Argument	x_x_x	predictive	Niski
58	Argument	xxxxxxxxxxxxx xx	predictive	Wysoki
59	Argument	xxxx_xxx	predictive	Medium
60	Argument	xxx	predictive	Niski
61	Argument	xxxxxxx	predictive	Niski
62	Argument	xxxxxxxxx	predictive	Medium
63	Argument	xxxxxxx	predictive	Niski
64	Argument	xx_xx	predictive	Niski
65	Argument	xxxx	predictive	Niski
66	Argument	xxxxxxxx	predictive	Medium
67	Argument	xxx_xxxxxxxxxxxx_xxx	predictive	Wysoki
68	Argument	x-xxx-xx-xx	predictive	Medium
69	Input Value	..	predictive	Niski
70	Input Value	../	predictive	Niski
71	Input Value	/xxxxxx&xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	Wysoki
72	Input Value	<xxx xxx="xxxx://x"; xx xxxxxxx="$(’x').xxxx(’xxxxxx’)" />	predictive	Wysoki
73	Network Port	xxx/xxx, xxx/xxx, xxx/xxxx, xxx/xxxx	predictive	Wysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!