DomainMediumSignal 47/100

`m00nlight.top`

First Seen

Feb 16, 2023

Last Seen

May 8, 2026

Feb 16

First Seen

1224d ago

May 8

Last Seen

48d ago

Reports

source reports

47%

Confidence

medium

Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

47%

Signal Score

47 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

7 techniques

Feed Intelligence Summary

3 reports47% confidence

Source reports

47%

Confidence score

Category tags

anna paulabotnetcommand and controldata exfiltrationdgadistributed attacksfrom emailheadersindicatormalicious softwaremalspam emailmalwaremsi filenetworkphishingprocess injectionransomwareresearchedself-signedspamt1055t1071.001t1486t1496t1499.002t1499.003t1565zip archive

Activity Timeline

1 total obs

May 8May 8

Threat Activity Heatmap

· Peak: 2026-05-08

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

The domain **mnlight.top** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, malware, phishing, ransomware, and spam activities. First observed on February

Threat ScoreMedium Risk

SIGNAL

Signal Score

47%

Confidence

Reports

First seenFeb 16, 2023

Last seenMay 8, 2026

VirusTotal

Not checked

WHOIS

description: In the latest episode of the LNK forensic analysis series, we look at how a malicious file was linked to a Chinese-speaking threat actor, who then modified the file to target a powershell program.

`m00nlight.top`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey