SYMBOLCOMMON_NAMEaka. SYNONYMS
win.moontag (Back to overview)

MOONTAG

The malware, potentially named "MOON_TAG" by its developer as indicated by the strings within, is derived from code shared in a Google Group (https://groups.google.com/g/ph4nt0m/c/2J3_1XPeKD8/m/AYPoWudRcTAJ?pli=1). Each variant discovered possesses capabilities to communicate via the Microsoft Graph API. At this moment, it appears to be in development.

References
2024-08-07SymantecThreat Hunter Team
Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
GoGra MOONTAG Ondritols TONERJAM

There is no Yara-Signature yet.