ioc[.]one - OSINT Cyber Threat Intelligence Database

Shelob Moonlight – Spinning a Larger Web - Cynet

Tags

cmtmf-attack-pattern:	Masquerading Process Injection
country:	Canada Netherlands Germany France Gabon Lithuania Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dns - T1071.004 Dns - T1590.002 Hooking - T1617 Impair Defenses - T1562 Impair Defenses - T1629 Impersonation - T1656 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Msiexec - T1218.007 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Regsvr32 - T1218.010 Rundll32 - T1218.011 Software - T1592.002 Hooking - T1179 Masquerading - T1036 Powershell - T1086 Process Injection - T1055 Regsvr32 - T1117 Rundll32 - T1085 User Execution - T1204 Hooking Masquerading User Execution

Show in Graph

Common Information

Type	Value
UUID	6c3e795e-71f0-4994-82d5-ef93a42a2e1d
Fingerprint	20358bdd231f0715
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 25, 2022, 2:24 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Shelob Moonlight – Spinning a Larger Web
Title	Shelob Moonlight – Spinning a Larger Web - Cynet
Detected Hints/Tags/Attributes	178/4/104

Source URLs

	Redirection	Url
Details	Source	https://www.cynet.com/attack-techniques-hands-on/shelob-moonlight-spinning-a-larger-web/

URL Provider

Details	Provider	Source level domain
Details	cynet.com	www.cynet.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	dsedertyhuiokle.top
Details	Domain	74	code.jquery.com
Details	Domain	59	torproject.org
Details	Domain	1	contirecovery.top
Details	File	173	outlook.exe
Details	File	2	c:\program files\7-zip\7zfm.exe
Details	File	323	winword.exe
Details	File	1	7zo77b8.tmp
Details	File	6	21.doc
Details	File	1018	rundll32.exe
Details	File	459	regsvr32.exe
Details	File	23	c:\windows\system32\regsvr32.exe
Details	File	1	c:\users\public\globalstorage.jpg
Details	File	1	svvhos.dat
Details	File	2	lertio.cer
Details	File	34	license.dat
Details	File	1	agmupn.dll
Details	File	2125	cmd.exe
Details	File	20	c:\windows\syswow64\cmd.exe
Details	File	127	c:\windows\system32\rundll32.exe
Details	File	1	xugi64.exe
Details	File	1	ovuleq.exe
Details	File	92	c:\windows\system32\svchost.exe
Details	File	9	c:\windows\system32\wuauclt.exe
Details	File	5	c:\windows\system32\mstsc.exe
Details	File	85	c:\windows\system32\dllhost.exe
Details	File	74	mstsc.exe
Details	File	1122	svchost.exe
Details	File	1208	powershell.exe
Details	File	36	compression.gzip
Details	File	57	system.dll
Details	File	748	kernel32.dll
Details	File	269	msiexec.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	306	services.exe
Details	File	2	md.dll
Details	File	1	c:\windows\ group_x86.dll
Details	File	12	c:\windows\syswow64\regsvr32.exe
Details	File	1	c:\windows\group_x86.dll
Details	File	1	29.xlsx
Details	File	3	10.jpg
Details	File	1	14.xlsx
Details	File	2	15.jpg
Details	File	1	19.xlsx
Details	File	3	2.docx
Details	File	2	20.jpg
Details	File	1	24.xlsx
Details	File	1	25.jpg
Details	File	1	28.xls
Details	File	345	vssadmin.exe
Details	File	367	readme.txt
Details	md5	1	e51d7a4db66d3ea986343fe3e221b7fc
Details	md5	1	d15d140f0d5d88542d059ecd483dee38
Details	md5	1	4474dd4c14f76b6b40f855b9aae628fa
Details	md5	1	78ed290a779aa51d4473678936319a48
Details	sha256	1	f578d6e7fc4d204ef17549be7ea8f3b6bca4b4103e7afff483b180f95f818a20
Details	sha256	1	db66539408a53e25bf005990c1b868ef140303d2ccfa6964b63b26b6bfc1b07b
Details	sha256	1	93e5fc51525d584a80db2505638f0f9237bff8d01adc330049a414b45c7a811c
Details	sha256	1	48385cb94b871e3bf46bd1abfacf1cd69155a0161d2d200ecebd333a7ff137e8
Details	sha256	1	668fcd27f21503184b9e6e10edb9c9e5c6ba1484ebc60a33a7e6104ca4857561
Details	sha256	1	0ef2a73bd5e1d545596b1769503461b809793371bbaedb03f852648eafcfef1e
Details	sha256	1	ce0767c640f01062a939183daa3634db74237fceb9f264a0eeeec80097ca5d98
Details	sha256	1	ed08f3f83b79a358b698b477a62aafc902910b179c87126e6afc7267204bd018
Details	sha256	1	902eb3ddc744189404b2465ab8a5a4caa3e2a30b2db5c40570d0b35b8ee4c45b
Details	sha256	1	47c5683cc8cc1c4977af013b5e09b0ec50f610fff820036544c2a5ca5da7686a
Details	sha256	1	6c34b5e0d401f4a9185580e57071995e579a645ead57ae4b280ef8f9a0ff2b30
Details	sha256	1	c21ad5068d4172fd6348578fd493bc717e09d30006862345a2672894aaaa24b7
Details	sha256	1	97341cd0f8c3df8a350be026ce2257c5d99a6df4dd1572b4bbc3ccf996d9e745
Details	sha256	1	b9337eb2ec474402ad98bad94262483c2b5cec3752b11e3d1ed780e78d331d78
Details	sha256	1	b4bd414baa9dea1be8d9b8f690d35aa161e1e533cedbaa6562f2f32e9bc64ae3
Details	sha256	1	f84d65ddf6a721ee4343db90c97dc1e12b8cf79677bd2d9ddc9a703903a4271b
Details	sha256	1	3fd1127d196f1b993a876d8c0c3d3217a800cb605eaa4cca1316a5f3a046069d
Details	sha256	1	677dbb3d766eb72cbaf57720f8d7895e2569c209e9b11f820811d8df19c63e7a
Details	sha256	1	590eac4ef1f146780c39696f31c3e14300c4a9145743d282afe48c4e93cbd0c4
Details	sha256	1	2f4193a77175cf0c173f556840b1d36cabbc1e0104d11a3f4c629fe02c915a43
Details	sha256	1	b5e15015b24691a3a19700152dd14dbaca7d7bd27e7d7e84db07a5ae22de1cd3
Details	sha256	1	bb4e0e7d72a40b0b7801a7bcf7a6e11d4263191fa0cc378351d5b42cd98a03c5
Details	sha256	1	7215e503b77bdd7fd48b5f63cbce288bf0caa00ed5688bc9b810cb51ed3a765a
Details	sha256	1	976a009ed5b0df798bf38b6c3d021abc70ba8a1f18a44b678ea5bc32e17edb0d
Details	sha256	1	25368ee6e7d6c2f666080dcc0ec72dab4fb3c5d4756e41d7533d54611df5a485
Details	sha256	1	5fe77db174a5206b5387e2b86255bd008966b44632925351d9b3983438004eb1
Details	sha256	1	a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
Details	sha256	1	e07316969b2d2941e9ec6a940d03d03bd36527dae825f30265fd5221a858fca4
Details	sha256	1	7f9d02ceaf4daa901fbb59648e599a381afd93bcba1b88fb6b345949b3479eb3
Details	sha256	1	f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81
Details	sha256	1	9826b386065f8312a7a7ef431c735a66e85a9c144692907f5909f81f837c65f4
Details	IPv4	1	190.14.38.106
Details	IPv4	1	193.38.54.246
Details	IPv4	1	51.89.73.152
Details	IPv4	2	23.108.57.148
Details	IPv4	1	74.119.193.206
Details	IPv4	1	195.123.208.151
Details	IPv4	1	188.127.227.146
Details	IPv4	1	185.212.129.164
Details	IPv4	1	82.146.48.116
Details	IPv4	1	190.14.37.143
Details	IPv4	1	190.14.37.248
Details	IPv4	1	185.212.129.66
Details	IPv4	1	37.46.133.194
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	Url	1	http://23.108.57.148:80/a443
Details	Url	27	https://torproject.org
Details	Url	1	http://conti____________________________________________.onion
Details	Url	1	https://contirecovery.top