Moses Staff Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (6)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	4
zh	2

Country

cn	2
ru	2

Actors

Moses Staff	3
Liberty Front Press	1
Specter	1
Mirai	1
TA551	1

Activities

Interest

Timeline

Type

Not Defined	2
Mail Client Software	2
Router Operating System	2

Vendor

Nrl	2
Mozilla	2
TP-LINK	2

Product

Nrl opie	2
Mozilla Thunderbird	2
TP-LINK TL-SC3130	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Synacor Zimbra Collaboration autoSaveDraft cross site scripting	6.2	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.46424	0.00	CVE-2023-34192
2	WordPress wpdb->prepare sql injection	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00389	0.03	CVE-2017-16510
3	Nrl opie readrec.c __opiereadrec numeric error	10.0	9.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.86924	0.03	CVE-2010-1938
4	Microsoft Exchange Server ProxyNotShell server-side request forgery	7.5	7.5	$5k-$25k	$0-$5k	High	Workaround	0.96616	0.03	CVE-2022-41040
5	Mozilla Thunderbird iFrame access control	5.4	5.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00089	0.00	CVE-2022-28286
6	TP-LINK TL-SC3130 RTSP Stream image.jpg information disclosure	7.4	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04485	0.02	CVE-2018-18428

Campaigns (1)

These are the campaigns that can be associated with the actor:

DriveGuard

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	87.120.8.210		Moses Staff	DriveGuard	02/21/2022	verified	High
2	XX.XXX.XXX.XX		Xxxxx Xxxxx		10/29/2021	verified	High
3	XXX.XXX.XXX.XXX	xx.xxxx-xxxxxx.xxxxxxx.xxx	Xxxxx Xxxxx		10/29/2021	verified	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/h/autoSaveDraft	predictive	High
2	File	/xxx/xxxxx.xxx	predictive	High
3	File	xxxxxxx.x	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!