WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - Sekoia.io Blog

Sept. 19, 2024, 8:37 p.m.

Description

The Emmenhtal loader, also known as PeakLight, operates in a memory-only manner, making it difficult to detect and analyse. It is primarily used to distribute other malicious payloads, including well-known infostealers that target sensitive information.

Date

Published: Sept. 19, 2024, 7:34 p.m.

Created: Sept. 19, 2024, 7:34 p.m.

Modified: Sept. 19, 2024, 8:37 p.m.

Indicators

95.216.196.85

95.164.68.24

94.156.8.31

94.156.69.6

94.156.69.111

94.156.65.130

94.156.64.76

94.156.65.126

94.156.64.74

92.118.112.253

94.131.112.206

92.118.112.223

91.92.254.225

91.92.254.167

91.92.253.126

91.92.251.35

91.92.250.150

91.92.250.44

91.92.250.123

91.92.248.90

91.92.248.77

91.92.248.50

91.92.248.129

91.92.246.102

91.92.243.74

91.92.243.198

91.92.240.29

91.92.240.247

91.92.240.234

89.23.113.140

89.23.107.67

89.23.107.251

89.23.107.244

89.23.107.240

89.23.107.181

89.23.107.168

89.23.107.123

89.23.103.97

89.23.107.113

89.23.103.8

89.23.103.56

89.23.103.57

89.23.103.253

89.23.103.205

89.23.103.188

89.23.103.15

89.23.103.118

89.23.103.123

89.110.78.58

82.115.223.234

84.247.187.231

79.137.203.158

78.153.139.202

62.133.61.98

62.133.61.97

62.133.61.90

62.133.61.79

62.133.61.69

62.133.61.73

62.133.61.49

62.133.61.37

62.133.61.240

62.133.61.207

62.133.61.189

62.133.61.168

62.133.61.155

62.133.61.148

62.133.61.106

62.133.61.104

46.29.234.129

62.133.61.101

45.151.62.238

212.18.104.111

200.150.194.109

206.188.196.28

194.87.252.22

194.190.152.108

193.233.75.13

191.243.196.114

185.196.8.158

185.143.223.188

178.209.51.222

168.100.9.199

151.236.17.180

147.45.79.82

147.45.50.86

147.45.50.57

147.45.50.34

147.45.50.23

147.45.50.26

147.45.50.214

147.45.50.172

147.45.50.144

147.45.50.142

141.98.234.166

147.45.178.54

104.131.7.207

193.124.33.71

91.92.245.222

62.133.61.56

62.133.61.43

62.133.61.26

91.92.245.185

91.202.233.136

http://94.156.64.74/Downloads/SecretTeachings.pdf.lnk

http://91.92.251.35/Downloads/solaris-docs.lnk

http://92.118.112.253/Downloads/releaseform.pdf.lnk

http://91.92.243.198:81/Downloads/test.lnk

http://89.23.107.67/Downloads/2023-Documents%20Shared.lnk

http://89.23.107.244/Downloads/Test.lnk

http://62.133.61.73/Downloads/Photo.lnk

http://89.23.103.56/Downloads/Videof/Full%20Video%20HD%20%281080p%29.lnk

http://62.133.61.37/Downloads/config.txt.lnk

http://62.133.61.104/Downloads/test.pdf.lnk

http://62.133.61.101/Downloads/Invoice.pdf.lnk

http://206.188.196.28/Downloads/example.lnk

http://147.45.50.57/Downloads/INVOICE%20340138551.pdf.lnk

http://151.236.17.180/Wire%20Confirmation/WireConfirmation.pdf.lnk

http://147.45.79.82/Downloads/qqeng.pdf.lnk

http://147.45.50.214/Downloads/demo.pdf.lnk

Attack Patterns

Deer Stealer

Stealit

SelfAU3

ACR Stealer

Meduza Stealer

CRYPTBOT

DanaBot

DarkGate

Remcos

Lumma

Xworm

Redline

GuLoader

Amadey

zgRAT

AsyncRAT

T1199

T1218

T1027

Additional Information

Gaming

Cryptocurrency

Technology

Media

Financial