Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
Common Information
Type Value
UUID 8260074c-733d-4b9f-8f11-c191e7743d33
Fingerprint b7344dd980bb8ee7
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 30, 2024, midnight
Added to db Oct. 30, 2024, 1:06 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
Title Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
Detected Hints/Tags/Attributes 120/3/64
RSS Feed
Id 32
Feed title EclecticIQ Blog
Url https://blog.eclecticiq.com/rss.xml
Added to db 2024-08-30 22:08
Attributes