ioc[.]one - OSINT Cyber Threat Intelligence Database

Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor

Tags

country:	Australia France Japan United States Of America
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Rootkit - T1014 Web Shell - T1100 Rootkit

Show in Graph

Common Information

Type	Value
UUID	f73bbe5d-14d3-43a6-9293-51edc11ff06e
Fingerprint	353c8c999025c67b
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 28, 2023, 1 p.m.
Added to db	Aug. 13, 2023, 1:48 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
Title	Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
Detected Hints/Tags/Attributes	87/2/70

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and-it/
Details	Redirection	https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and-it/?&web_view=true
Details	Source	https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and-it/?web_view=true

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	99	✔	Cyware News - Latest Cyber News	https://cyware.com/allnews/feed	2024-08-30 22:08
Details	120	✔	Unit 42	https://feeds.feedburner.com/Unit42	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	184	cve-2021-26855
Details	CVE	105	cve-2022-41040
Details	CVE	168	cve-2021-34473
Details	CVE	9	cve-2021-33766
Details	CVE	22	cve-2017-0213
Details	CVE	32	cve-2018-8120
Details	CVE	15	cve-2019-0803
Details	CVE	34	cve-2019-1458
Details	CVE	4	cve-2019-0623
Details	Domain	831	example.com
Details	Domain	1	mycacls.com
Details	Domain	13	ired.team
Details	Domain	397	asp.net
Details	File	1	dllnc.dll
Details	File	16	sh.exe
Details	File	5	webshell.aspx
Details	File	1	xn.aspx
Details	File	21	runas.exe
Details	File	7	au.exe
Details	File	1122	svchost.exe
Details	File	1	iis1.asp
Details	File	1	goiis.exe
Details	File	1	caclcs.exe
Details	File	1	app_web_xvuga1zl.dll
Details	File	1	x.tmp
Details	File	9	x.bat
Details	sha256	1	b00cd3b39bc2fd6a4077c679f050d97ed26ef20a1fe80ad3525ea0dbbd131f74
Details	sha256	1	0153246cf5e1d980d65d4920bdc5b2ac4c9aba6d5b6676f0e9bbde794dd04314
Details	sha256	1	0f9dca8599d7b350050149e63a6a977f1d157d5967ba6da534919530063cdcde
Details	sha256	1	9215371ec6058ba38780a5d336eb3201a47c77bb97bb00a60f1bec0386185c77
Details	sha256	1	adf2ee0ad2f5f13b9bf72741c75910f786d2cfee84b5ae78ea3e5464f46addde
Details	sha256	1	fcd44c32ae6078f2ba44c8c5e2efa3f9b788d4c6470a5ee9bd4944699fb8357a
Details	sha256	1	2e24c384f9ae7d09179bd41e51c4a9bb43102d170990e8e1576e79362b049ed6
Details	sha256	1	3ab6a849d81b66a52d717cc1b0178882e30d44c39b1089604c5746a187b2e4ce
Details	sha256	1	905cf864acad6b4a664582eb9fc6e0afab87198274a29e5f7d7863fee29f37cd
Details	sha256	1	a812d5472458c6fc993ae1e9e8b9f04e31d176e2ec9f5ce5ac48e32ed72fb414
Details	sha256	1	8402967a4b0bff39fc3ccc7a5b613734135551e9f6f32cf8c14fd6541a85d4d5
Details	sha256	1	4cdcec18ef5d3657b488f32912a8ccf4541891e4e4c8518afbc1e1b0e147e96b
Details	sha256	1	db2712470ca60e874b15fa1e5ef667dbf6b755223ee5eb20843843115537e1c4
Details	sha256	1	c67ce681677909aa5ae9abcf42c35faffee08cd73b5cee8d975fa07159f76c87
Details	sha256	1	308643ef08bd65afaba08315826985975515845fb5d6235db80a9bc5bdbb00f3
Details	sha256	1	238f5771b8350633e258221e25223e52545709b74cbe2c9361e2b730f9dbfa00
Details	sha256	1	5cb0710bef7c7b0ff226bf5ca12f499859505547696f22fa06ce1f47ea312d82
Details	sha256	1	f20b0a716c3980c46a2996ae21e3566c0151202557417d171566b82e97057f2f
Details	sha256	1	b4de4eb9763ad18e060513048eed4ac39481cfe62127345d0bb058eb26a18528
Details	sha256	1	2092ce3cef30198cb7833851a1b1805bbfe71474152c1357ecd27f71ce807527
Details	sha256	1	6f77fea2e8e34fe3bb7134e110036e44e30a6d5144794669a6de21a30f3b7247
Details	sha256	1	db7290032479a53fa7a43262188132d572fab63d00d6d64d39f9256df6c10f55
Details	sha256	1	609d04a4be3878328503c342f0d73c9ba5ff1c6c62f4c894516e50721207ef83
Details	sha256	1	419e8bfae7a0887fad0eb273791cf0d03c0ed01d1957c7dc796c6e0d1a43f3d6
Details	sha256	1	181daac34fd958aaadf1c9de1414cc3b331ef394ba47d5d2c77d30e9ac89ef17
Details	sha256	1	ef8eae74cddea603c5051de7808f402943d674c6bb557db1eff6a50d25114b6b
Details	sha256	1	b08a089f0e44c2703a9e0dc4f6ef8d9285a08241499ad21dbf7f1fbc262d22bd
Details	sha256	1	1d61842f5ecdca970f43246ce93f51fa4c85c00b93b6b9e37db17325077497eb
Details	sha256	1	009a28656abb84a6e7794fdd721565a2e2ca2565870597962d67a8e2c3707241
Details	sha256	1	88f62989cb2f220db3d289ffea924423487b180fabe37711d2ef5c7f2e306f13
Details	sha256	1	068bfbb2dc6dadc3860eb16cc7ece97d935948f9b64ec66d5afda08e682be790
Details	sha256	1	3e2041c2efd120960c00bf794b5db4c967fc862e2d536ed5f7b5d5d1cf9bfda0
Details	sha256	1	74b95e6b8e02ea623849b6bcbf702922dd064ae06238b27cbb20504e38d85756
Details	sha256	1	6c569dd683df9600a098a93c9200d44778d535f58f5a82f4a58aeed3855fb9ca
Details	sha256	1	67fdef1b6fdf6fbec44e4df1608fb46dfbcfa3363bf62872ec132d000092a18f
Details	sha256	1	ae35de63065040d752ef9fa76c553c0fa5c3cc5c8d67cf6981c66d3c8d86a6a6
Details	sha256	1	9e761c6811679311c80291b7d65f23cdd53865f72af64b5a72ae1a86d9ef27d0
Details	sha256	1	4e04472b21365c76d9cf0a324f889f723621fc42433a2f211a23dce728fa4a8a
Details	sha256	1	5a4a2272ce4388e56fb9d33255ac8c584d41c7099588ef9f39e4bee54be92992
Details	sha256	1	15c52422bfa461b01901953f5e0d9c77aa0f898c8de4841303a572c59a269674
Details	Pdb	1	f:\upfile\3389\opents\dlladduser\x64\release\dllnc.pdb
Details	Pdb	1	e:\git\mycomeoppower\mycomeoppipe\build\quantum.pdb
Details	Pdb	1	e:\git\mycomeoppower\mycomeoppipe\build\mycomeop.pdb
Details	Pdb	1	d:\project\后门类\dllnc\exenc\x64\release\exenc.pdb