CloudEyE — From .lnk to Shellcode
Tags
Tag | Value |
---|---|
country | Laos |
maec-delivery-vectors | Watering Hole |
attack-pattern | Direct Malicious Link - T1204.001; Malware - T1587.001; Malware - T1588.001; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Python - T1059.006; Server - T1583.004; Server - T1584.004; Software - T1592.002; Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | ee3cfdbb-410a-4bde-8b36-47c78c8eeb2c |
Fingerprint | b60b8a804a9f33a9 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | July 9, 2023, 12:57 a.m. |
Added to db | July 9, 2023, 2:58 a.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | CloudEyE — From .lnk to Shellcode |
Title | CloudEyE — From .lnk to Shellcode |
Detected Hints/Tags/Attributes | 58/3/33 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Details | 172 | ✔ | Reverse Engineering on Medium | https://medium.com/feed/tag/reverse-engineering | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 27 | | shorturl.at |
Details | Domain | 2 | | img.softmedal.com |
Details | Domain | 43 | | file.read |
Details | Domain | 425 | | isc.sans.edu |
Details | Domain | 4127 | | github.com |
Details | File | 1 | | 26_06_2023.pdf |
Details | File | 1208 | | powershell.exe |
Details | File | 1 | | c:\users\public\rfq-info.pdf |
Details | File | 1 | | c:\windows\tasks\reilon.vbs |
Details | File | 128 | | msedge.exe |
Details | File | 1 | | 773918053744.jpg |
Details | File | 1 | | lnk.pdf |
Details | File | 1 | | 298186187297.jpg |
Details | File | 1 | | reilon.vbs |
Details | File | 1 | | persuasive.inf |
Details | File | 57 | | system.dll |
Details | File | 1 | | industri3.bin |
Details | File | 1 | | veristfil.bin |
Details | File | 1 | | rawnessa.bin |
Details | File | 1 | | guloader.html |
Details | File | 1 | | guloader_from_lnk_to_shellcode.txt |
Details | Github username | 1 | | gi7w0rm |
Details | sha256 | 1 | | 748c0ef7a63980d4e8064b14fb95ba51947bfc7d9ccf39c6ef614026a89c39e5 |
Details | IPv4 | 2 | | 194.55.224.183 |
Details | Url | 1 | | https://shorturl.at/iwak9 |
Details | Url | 1 | | https://shorturl.at/gudhw |
Details | Url | 1 | | https://shorturl.at/iwak9. |
Details | Url | 1 | | https://img.softmedal.com/uploads/2023-06-23/773918053744.jpg |
Details | Url | 1 | | https://img.softmedal.com/uploads/2023-06-23/298186187297.jpg |
Details | Url | 1 | | http://194.55.224.183/kng/persuasive.inf |
Details | Url | 1 | | https://research.openanalysis.net/guloader/unicorn/emulation/anti-debug/debugging/config/2022/12/16/guloader.html#guloader |
Details | Url | 1 | | https://isc.sans.edu/diary/29990 |
Details | Url | 1 | | https://github.com/gi7w0rm/malwareconfiglists/blob/main/guloader/guloader_from_lnk_to_shellcode.txt |