ioc[.]one - OSINT Cyber Threat Intelligence Database

Malspam delivers MoonWind 9-20-2017

Tags

country:	Thailand
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Dns - T1071.004 Dns - T1590.002 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	9e893687-9f33-4e7e-b537-ce7610a3f554
Fingerprint	7f7c343928a2a6c9
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 22, 2017, 2:34 p.m.
Added to db	Jan. 18, 2023, 9:23 p.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	NetWitness Community
Title	Malspam delivers MoonWind 9-20-2017
Detected Hints/Tags/Attributes	51/3/12

Source URLs

	Redirection	Url
Details	Source	https://community.rsa.com/community/products/netwitness/blog/2017/09/22/malspam-delivers-moonwind-9-20-2017

URL Provider

Details	Provider	Source level domain
Details	rsa.com	community.rsa.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	57		cve-2017-8759
Details	Domain	80		portal.msrc.microsoft.com
Details	File	3		readme.rtf
Details	File	1		httpx.exe
Details	File	1		invo.exe
Details	File	1		svcohos.exe
Details	sha256	1		0d5ec16b1affc1d85b335291aa9b89d1679865d913ccd5aa5f6093a6a4797d51
Details	sha256	1		72bf1b9136654fd34f469065c086d91634c10ea612e56da6b64a04317f697802
Details	sha256	1		2175007a69be40a99f78fc565ec5ccda0d681a3c47b4bcb835c6682d72f7f6b0
Details	Threat Actor Identifier - APT	297		APT27
Details	Url	1		https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8759
Details	Url	1		https://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organ