IOC Radar
DomainMediumSignal 100/100

beamofthemoon.com

Location
United StatesUnited States
First Seen
Nov 6, 2024
Last Seen
Jun 15, 2026
Nov 6
First Seen
594d ago
Jun 15
Last Seen
8d ago
12
Reports
source reports
99%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Feed Intelligence Summary

12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
abuseav/edr bypassavedr agentavedr bypassbitcoinblacksuitblockchainbotnetbyovdc2c2 communicationc2 domainc2 ipcobalt strikecode snippetcommand and controlcommand executioncommodity contracts intermediationconticortex xdrcredential accesscrypto exchangecrypto miningcrypto walletcryptocurrencycybercrime forumscybereason edrdata breachdata encryptiondata exfiltrationdata theftdecentralized financedigital currencydistributed attacksedr_evasionencryptionexploitextortionfigureindicatoringress tool transferivanti connectjoshilateral movementlsassmalicious downloadmalicious powershell activitymalicious softwaremalwaremalware distributionnetworknevernorth americaphishingpost-exploitationprocess injectionpsexecransomwarercloneresearchedrubeussafetykatzscripting attackssecure vpnservicesystem disruptiont1003t1003.001t1005t1021t1021.002t1027t1041t1055t1059t1059.001t1071t1071.001t1078t1082t1086t1105t1136t1136.001t1204.002t1486t1490t1496t1499.002t1499.003t1560t1562t1562.001t1565t1566t1567t1567.002t1569t1569.002t1573.001t1614threatthreat actor profilingtoolsunitunited states

Activity Timeline

1 total obs
Jun 15Jun 15

Threat Activity Heatmap

· Peak: 2026-06-15
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenNov 6, 2024
Last seenJun 15, 2026

VirusTotal

Not checked

WHOIS

description
BlackSuit 勒索软件团伙是 Royal 勒索软件的演化版本,具备高度复杂的攻击手法。该团伙在攻击中使用 Cobalt Strike 进行命令与控制(C2),使用 rclone 工具进行数据外泄,并在文件加密前删除部分数据以加快攻击流程。BlackSuit 在加密阶段还使用了 -nomutex 参数,允许多个实例并发执行,提升加密效率并绕过防护机制。此次攻击体现出其多阶段、隐蔽性强且具破坏力的特征,对企业信息资产构成严重威胁。
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative email: [email protected] Administrative state: REDACTED FOR PRIVACY Create date: 2024-03-13 00:00:00 Domain name: beamofthemoon.com Domain registrar id: 81 Domain registrar url: http://www.gandi.net Expiry date: 2025-03-13 00:00:00 Query time: 2024-03-14 10:22:51 Registrant city: 1f8f4166599d23ee Registrant country: United States Registrant email: [email protected] Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: 1a82ad3bd5389416 Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical email: [email protected] Technical state: REDACTED FOR PRIVACY Update date: 2024-03-13 00:00:00
references
https://www.cybereason.com/blog/blacksuit-data-exfil, https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/
subdomains count
2

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 12 threat reports