Moon Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Язык

en	930
de	42
fr	24
es	4

Страна

de	42
fr	22
gb	10
es	4
ru	2

Акторы

Moon	3

Интерес

Тип

Not Defined	234
Operating System	84
Router Operating System	40
Web Server	24
Smartphone Operating System	22

Поставщик

Not Defined	102
IBM	66
Microsoft	58
Juniper	34
Brocade	24

Продукт

Juniper Junos	34
Microsoft Windows	32
Brocade Fabric OS	16
Microsoft IIS	16
Linux Kernel	16

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
2	Microsoft IIS IP/Domain Restriction эскалация привилегий	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.27	CVE-2014-4078
3	IBM Cognos Disclosure Management EdrawSoft ActiveX Component эскалация привилегий	10.0	8.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00452	0.00	CVE-2013-0501
4	VMware vSphere Client Certificate слабое шифрование	4.8	4.2	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00059	0.00	CVE-2014-1210
5	Cisco IOS Service Module эскалация привилегий	7.8	7.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.00	CVE-2013-5522
6	Sun Solaris tcsh Remote Code Execution	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00122	0.00	CVE-2003-1024
7	IBM Cognos TM1 API отказ в обслуживании	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00228	0.00	CVE-2013-0484
8	IBM AIX TLS эскалация привилегий	3.7	3.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00368	0.02	CVE-2016-0266
9	Automatedsolutions Modbus/TCP Master OPC Server повреждение памяти	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.68790	0.04	CVE-2010-4709
10	Microsoft MS-DOS/Windows Carbon Copy 32 раскрытие информации	3.3	3.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
11	IBM Tivoli Monitoring Express Enterprise Portal kde.dll повреждение памяти	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.90916	0.00	CVE-2007-2137
12	Cisco Call Manager межсайтовый скриптинг	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00257	0.00	CVE-2007-4633
13	Asterisk PBX res_http_websocket.so отказ в обслуживании	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.61746	0.03	CVE-2018-17281
14	Red Hat Enterprise Linux Desktop 389 Directory Server Password раскрытие информации	7.5	7.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00647	0.00	CVE-2016-5405
15	IBM AIX rmsock Kernel раскрытие информации	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00055	0.03	CVE-2018-1655
16	Citrix Receiver Desktop Lock Screen Lock эскалация привилегий	6.8	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00419	0.04	CVE-2016-9111
17	IBM Cognos TM1 admin эскалация привилегий	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00112	0.00	CVE-2016-0381
18	Juniper Junos srxpfe отказ в обслуживании	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00112	0.02	CVE-2019-0052
19	Microsoft IIS FTP Server повреждение памяти	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.03	CVE-2010-3972
20	Microsoft Internet Explorer повреждение памяти	6.9	6.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.09181	0.05	CVE-2014-8985

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	46.148.18.154	goodmail.pro	Moon	12.02.2022	verified	Высокий
2	69.197.128.34	mail1.mvlashstore.top	Moon	12.02.2022	verified	Высокий
3	78.128.92.137		Moon	12.02.2022	verified	Высокий
4	82.68.206.125	82-68-206-125.dsl.in-addr.zen.co.uk	Moon	12.02.2022	verified	Высокий
5	XX.XXX.XXX.XX		Xxxx	12.02.2022	verified	Высокий
6	XX.XXX.XXX.XXX		Xxxx	12.02.2022	verified	Высокий
7	XX.XXX.XXX.XXX		Xxxx	12.02.2022	verified	Высокий
8	XXX.X.XX.XX	xxxx-x-x.xxxx.xxx	Xxxx	12.02.2022	verified	Высокий
9	XXX.XXX.XXX.XXX	xxxxxxxxx.xx-xxx-xxx-xxx.xx	Xxxx	12.02.2022	verified	Высокий
10	XXX.XXX.XXX.XX	xxxxxxxx.xxxxxxxxxx.xxx	Xxxx	12.02.2022	verified	Высокий
11	XXX.XXX.XXX.XX		Xxxx	12.02.2022	verified	Высокий
12	XXX.XXX.XXX.XX	xxxxx.xxxxxxxxxxx.xxx	Xxxx	12.02.2022	verified	Высокий
13	XXX.XXX.XXX.XX	xxxxxxxxx.xx	Xxxx	12.02.2022	verified	Высокий
14	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxx.xxx.xx	Xxxx	12.02.2022	verified	Высокий
15	XXX.XX.X.XX		Xxxx	12.02.2022	verified	Высокий
16	XXX.XX.XX.XXX		Xxxx	12.02.2022	verified	Высокий
17	XXX.XX.XXX.X		Xxxx	12.02.2022	verified	Высокий
18	XXX.XX.XXX.XXX	xxxxxxxxxxxxxxx.xxx	Xxxx	12.02.2022	verified	Высокий
19	XXX.XXX.XX.XX		Xxxx	12.02.2022	verified	Высокий
20	XXX.XX.XXX.XXX	xxxx.xxxxxx.xxxxxxxxxxxxx.xx	Xxxx	12.02.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	T1059	CWE-94	Argument Injection	predictive	Высокий
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
12	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
14	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
15	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
16	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
17	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
18	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
19	TXXXX.XXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Высокий
20	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (196)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/appLms/ajax.server.php	predictive	Высокий
2	File	/config/pw_changeusers.html	predictive	Высокий
3	File	/dev/dri/card1	predictive	Высокий
4	File	/etc/cmh/cmh.conf	predictive	Высокий
5	File	/etc/shadow	predictive	Средний
6	File	/includes/plugins/mobile/scripts/login.php	predictive	Высокий
7	File	/monitor/data/Upgrade/	predictive	Высокий
8	File	/port_3480	predictive	Средний
9	File	/proc/kcore/	predictive	Средний
10	File	/Site/Troubleshooting/DiagnosticReport.asp	predictive	Высокий
11	File	/systemlog.log	predictive	Высокий
12	File	/tmp	predictive	Низкий
13	File	/uncpath/	predictive	Средний
14	File	admin/src/containers/InputModalStepperProvider/index.js	predictive	Высокий
15	File	admin\db\DoSql.php	predictive	Высокий
16	File	admsession.php	predictive	Высокий
17	File	apcupsd_status.php	predictive	Высокий
18	File	AppOpsService.java	predictive	Высокий
19	File	app\contacts\contact_addresses.php	predictive	Высокий
20	File	app\contacts\contact_edit.php	predictive	Высокий
21	File	app\messages\messages_thread.php	predictive	Высокий
22	File	arch/powerpc/mm/mmu_context_book3s64.c	predictive	Высокий
23	File	BaseWidgetProvider.java	predictive	Высокий
24	File	xxxxxx/xxxxxxx.x	predictive	Высокий
25	File	xxxxxx.x	predictive	Средний
26	File	xxxxxxxxxxxxx.xxxxx.xxx	predictive	Высокий
27	File	xxxx.xxx	predictive	Средний
28	File	xxxxxxxxx/xxxxxxxxxx/xxxxxx	predictive	Высокий
29	File	xxxxxx/xx_xxxx.xxxx	predictive	Высокий
30	File	xxxxxxx.xxx	predictive	Средний
31	File	xxxx/xxxxxxxxxxxx.xxxxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
32	File	xxxxxxxx.x	predictive	Средний
33	File	xxxxxxx.xxx	predictive	Средний
34	File	xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
35	File	xxxx_xxxxxxx.xxx	predictive	Высокий
36	File	xxx/xxxxxxx.xxx	predictive	Высокий
37	File	xxxxxxx/xxx/xxx-xxxx.x	predictive	Высокий
38	File	xxxxxxx/xxx/xxxxxx/xxxxxx.x	predictive	Высокий
39	File	xxxxxxx/xxxxx/xx-xxxxxxx.x	predictive	Высокий
40	File	xxxxxxx/xxx/xxx/xxx/xxxx_xxx.x	predictive	Высокий
41	File	xxxxxxx/xxx/xxx/xxx/xxxx_xxx/xxxx_xxx_xxx.x	predictive	Высокий
42	File	xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x	predictive	Высокий
43	File	xxxxxxx/xxx/xxxxx/xxx.x	predictive	Высокий
44	File	xxxxxxx/xxx/xxxxx/xxx-xxx.x	predictive	Высокий
45	File	xxxxxxx/xxx/xxxx/xxxx.x	predictive	Высокий
46	File	xxxxxxx/xxx/xxxx/xxxxxx.x	predictive	Высокий
47	File	xxxxxxx/xxx/xxxx/xxxxxxxxx.x	predictive	Высокий
48	File	xxxxxxx/xxx/xxxx/xxxxx.x	predictive	Высокий
49	File	xxxxxxxx.xxx	predictive	Средний
50	File	xxxxxxxxxxxx.xxx	predictive	Высокий
51	File	xxx_xxxxxxxx.xx	predictive	Высокий
52	File	xxxx_xxxxxxxxx.x	predictive	Высокий
53	File	xxxx/xxxxxxxxxx.xx	predictive	Высокий
54	File	xxxxxxxx/xxxxxxx.x	predictive	Высокий
55	File	xx/xxxxx/xxxxx-xxxxxx.x	predictive	Высокий
56	File	xx/xxxxx/xxxxxx.x	predictive	Высокий
57	File	xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx	predictive	Высокий
58	File	xxxxxxxx_xxxxxx.xx	predictive	Высокий
59	File	xxx_xxxx.xx	predictive	Средний
60	File	xxx_xxxxxx.xxx	predictive	Высокий
61	File	xxxx/xxxxx/xx/xxxxx	predictive	Высокий
62	File	xx/xxxxxxx/xxxxxx_xxx.x	predictive	Высокий
63	File	xx/xxxx/xxx_xxxxxx.x	predictive	Высокий
64	File	xx/xxx/xxx-xxxx.x	predictive	Высокий
65	File	xx/xxxxxx/xxxxxx.x	predictive	Высокий
66	File	xxxxxxxx-xxxxx-xxxxxxxx.x	predictive	Высокий
67	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx	predictive	Высокий
68	File	xxxxx.xxx	predictive	Средний
69	File	xxxxx.xxx?x=xxxxxx-xxxxxx	predictive	Высокий
70	File	xxxxxx/xxxxxxx/xxxxx.x	predictive	Высокий
71	File	xxxxxx/xxxxx.x	predictive	Высокий
72	File	xxxx/xxx/x/xxx_xxxxxx.x	predictive	Высокий
73	File	xxxx/xxx/x/xxx_xxxx.x	predictive	Высокий
74	File	xxxxxx.x	predictive	Средний
75	File	xxxxx.xxxx	predictive	Средний
76	File	xxxx.xxx.xxx	predictive	Средний
77	File	xxxx.xxx	predictive	Средний
78	File	xxxx.xxx?x=xxxxx	predictive	Высокий
79	File	xxxx.xxx?x=xxxxx	predictive	Высокий
80	File	xxxx.xxx?x=xxxxx&xxxx=x	predictive	Высокий
81	File	xxxxxxx.x	predictive	Средний
82	File	xx_xxxx.x	predictive	Средний
83	File	xxxxxx/xxxxx.xxx	predictive	Высокий
84	File	xxxxxxxx.x	predictive	Средний
85	File	xxxxxxxxx.xxx	predictive	Высокий
86	File	xxxxxxx.xxx	predictive	Средний
87	File	xxx_xx_xxx.xx	predictive	Высокий
88	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
89	File	xxx_xxxxxx.xxxx	predictive	Высокий
90	File	xxxxx.xxx	predictive	Средний
91	File	xxxxxxxxxxx.xxx	predictive	Высокий
92	File	xxxxxxxxxxxxxx.xxx	predictive	Высокий
93	File	xxxxxxxxxx.xxx	predictive	Высокий
94	File	xxxxxxxxxxxxxx.xxx	predictive	Высокий
95	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Высокий
96	File	xxxxx_xxx.xxx	predictive	Высокий
97	File	xxxxxx/xxx_xxxxxxx.xxx	predictive	Высокий
98	File	xxxxx.xxx	predictive	Средний
99	File	xxxxx.xx	predictive	Средний
100	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
101	File	xxxxx.xx	predictive	Средний
102	File	xxx/xxx_xxx_xxxxxxxx.x	predictive	Высокий
103	File	xxx_xxxx_xxxxxxxxx.xx	predictive	Высокий
104	File	xxx.x	predictive	Низкий
105	File	xxxxxxxx/xxxx/xxxxxx.x	predictive	Высокий
106	File	xxxxxx_xxxxxxxx.xxx	predictive	Высокий
107	File	xxxxxx_xxxxxxxxx.xxx	predictive	Высокий
108	File	xxxxxxxxxx.xxx	predictive	Высокий
109	File	xxxxx/xxxx/xxx_xxxxxx.x	predictive	Высокий
110	File	xxxxxx.xxx	predictive	Средний
111	File	xxxxxxxxxx/xxxxxx_xxxxxxxx_xxxxxxx_xxxxxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Высокий
112	File	xxxxxxxxxxxxxx.xxxxxxx.xxxxxxx.xxx	predictive	Высокий
113	File	xxxxxx.xxx	predictive	Средний
114	File	xxxx.x	predictive	Низкий
115	File	xxxxxxxxx.x	predictive	Средний
116	File	xxxxxxx.xxx	predictive	Средний
117	File	xx/xxxxxx/xxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
118	File	xxx_xxxxxx.x	predictive	Средний
119	File	xxxxxxxxxx_xxxxxxxxx.xxx	predictive	Высокий
120	File	xxx_xxxxxxxxx.x	predictive	Высокий
121	File	xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
122	File	xxx/xxxxxxx/xxxx/xxxx/xxxx.xxx	predictive	Высокий
123	File	xxxx/xxxx_xxxxxxxxx.x	predictive	Высокий
124	Library	xxxxxx.xxx	predictive	Средний
125	Library	xxxxxx.xxx	predictive	Средний
126	Library	xxxxxxxxx.xxx	predictive	Высокий
127	Library	xxx.xxx	predictive	Низкий
128	Library	xxxxxx.xxx	predictive	Средний
129	Library	xxxxxxx.xxx	predictive	Средний
130	Library	xxxxxxxxxxxx.xxxxxx.xxx	predictive	Высокий
131	Library	xxxxxxx.xxx	predictive	Средний
132	Library	xxxxxx.xxx	predictive	Средний
133	Argument	$xxxxx	predictive	Низкий
134	Argument	$xxxxxx.xxxxxxxx	predictive	Высокий
135	Argument	xxxxxx-xxxxxxxx	predictive	Высокий
136	Argument	xxxxxxxxxxx	predictive	Средний
137	Argument	xxx	predictive	Низкий
138	Argument	xxxx	predictive	Низкий
139	Argument	xxxxxxx_xxxx	predictive	Средний
140	Argument	xxxxxx.xxxx[]/xxxxxx.xxxxx[]	predictive	Высокий
141	Argument	xxxxxx	predictive	Низкий
142	Argument	xxxxxxxxx/xxx-xxxxxx	predictive	Высокий
143	Argument	xxxxx	predictive	Низкий
144	Argument	xxxxxxxx	predictive	Средний
145	Argument	xxxxxxxx	predictive	Средний
146	Argument	xxxxxx_xxx	predictive	Средний
147	Argument	xxxxxx_xxxxxx	predictive	Высокий
148	Argument	xxxx_xxxxxxxx	predictive	Высокий
149	Argument	xx	predictive	Низкий
150	Argument	xx_xxxxx_xxxxxxxxxx	predictive	Высокий
151	Argument	xxxx	predictive	Низкий
152	Argument	xx-x	predictive	Низкий
153	Argument	xxxxx	predictive	Низкий
154	Argument	xxxxx	predictive	Низкий
155	Argument	xxxxxx	predictive	Низкий
156	Argument	x_xxxx	predictive	Низкий
157	Argument	xxxxxxxxxx	predictive	Средний
158	Argument	xxxxxxxxx	predictive	Средний
159	Argument	xxxxxxxxxxx	predictive	Средний
160	Argument	x_xx_x_x	predictive	Средний
161	Argument	xxxxx	predictive	Низкий
162	Argument	xxxxx_xxxxxx	predictive	Средний
163	Argument	xxxxxxxx	predictive	Средний
164	Argument	xxxxxx_xxxx	predictive	Средний
165	Argument	xxx	predictive	Низкий
166	Argument	xxxxxxxxxxxx	predictive	Средний
167	Argument	xxxxxx/xxxxxx/xxx	predictive	Высокий
168	Argument	xxxxxxx	predictive	Низкий
169	Argument	xxxxxxx/xx/xxxxxxxxxxx/xxxx_xx	predictive	Высокий
170	Argument	xxxxxxxx	predictive	Средний
171	Argument	xxxxxx_xxxx	predictive	Средний
172	Argument	xxx	predictive	Низкий
173	Argument	xxxx_xxxxxxxx	predictive	Высокий
174	Argument	xxxxxx xxxxx xx	predictive	Высокий
175	Argument	xxxxxx xxxxxxx	predictive	Высокий
176	Argument	xxxxxxxxxx	predictive	Средний
177	Argument	xxxxxxxxxxx	predictive	Средний
178	Argument	xxxxx	predictive	Низкий
179	Argument	xxx	predictive	Низкий
180	Argument	xxx	predictive	Низкий
181	Argument	xxxx-xxxxx	predictive	Средний
182	Argument	xxxxxxxx	predictive	Средний
183	Input Value	..	predictive	Низкий
184	Input Value	../	predictive	Низкий
185	Input Value	/../	predictive	Низкий
186	Input Value	xxx.xxxx.%xxx.%xxx	predictive	Высокий
187	Input Value	xxxxxxxx	predictive	Средний
188	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Высокий
189	Input Value	{"x":(xxxxxxxx(){xxxxxxx(x)})()}	predictive	Высокий
190	Pattern	\|xx\|xx\|xx\|	predictive	Средний
191	Pattern	\|xx xx xx xx xx\|	predictive	Высокий
192	Network Port	xxx xxxxx	predictive	Средний
193	Network Port	xxxxxxxxxx xxxxxxx	predictive	Высокий
194	Network Port	xxx/xxxx	predictive	Средний
195	Network Port	xxx/xxxx	predictive	Средний
196	Network Port	xxx xxxxxx xxxx	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you know our Splunk app?

Download it now for free!