{
  "name": "WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - Sekoia.io Blog",
  "slug": "webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution-sekoiaio-blog",
  "description": "The Emmenhtal loader, also known as PeakLight, runs entirely in memory, which makes it difficult to detect and analyse. It is primarily used to distribute other malicious payloads, including well-known infostealers that target sensitive information.",
  "published": "2024-09-19T17:34:05+00:00",
  "created_at": "2024-09-19T17:34:05+00:00",
  "modified_at": "2024-09-19T18:37:29+00:00",
  "created_at_opencti": "2024-09-19T17:34:05+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-09-19",
    "clearfake",
    "darkgate",
    "dcrat",
    "emmenhtal",
    "google cloud",
    "marko polo",
    "peaklight",
    "selfau3",
    "webdav",
    "zgrat"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "95.216.196.85"
      },
      {
        "id": "",
        "name": "95.164.68.24"
      },
      {
        "id": "",
        "name": "94.156.8.31"
      },
      {
        "id": "",
        "name": "94.156.69.6"
      },
      {
        "id": "",
        "name": "94.156.69.111"
      },
      {
        "id": "",
        "name": "94.156.65.130"
      },
      {
        "id": "",
        "name": "94.156.64.76"
      },
      {
        "id": "",
        "name": "94.156.65.126"
      },
      {
        "id": "",
        "name": "94.156.64.74"
      },
      {
        "id": "",
        "name": "92.118.112.253"
      },
      {
        "id": "",
        "name": "94.131.112.206"
      },
      {
        "id": "",
        "name": "92.118.112.223"
      },
      {
        "id": "",
        "name": "91.92.254.225"
      },
      {
        "id": "",
        "name": "91.92.254.167"
      },
      {
        "id": "",
        "name": "91.92.253.126"
      },
      {
        "id": "",
        "name": "91.92.251.35"
      },
      {
        "id": "",
        "name": "91.92.250.150"
      },
      {
        "id": "",
        "name": "91.92.250.44"
      },
      {
        "id": "",
        "name": "91.92.250.123"
      },
      {
        "id": "",
        "name": "91.92.248.90"
      },
      {
        "id": "",
        "name": "91.92.248.77"
      },
      {
        "id": "",
        "name": "91.92.248.50"
      },
      {
        "id": "",
        "name": "91.92.248.129"
      },
      {
        "id": "",
        "name": "91.92.246.102"
      },
      {
        "id": "",
        "name": "91.92.243.74"
      },
      {
        "id": "",
        "name": "91.92.243.198"
      },
      {
        "id": "",
        "name": "91.92.240.29"
      },
      {
        "id": "",
        "name": "91.92.240.247"
      },
      {
        "id": "",
        "name": "91.92.240.234"
      },
      {
        "id": "",
        "name": "89.23.113.140"
      },
      {
        "id": "",
        "name": "89.23.107.67"
      },
      {
        "id": "",
        "name": "89.23.107.251"
      },
      {
        "id": "",
        "name": "89.23.107.244"
      },
      {
        "id": "",
        "name": "89.23.107.240"
      },
      {
        "id": "",
        "name": "89.23.107.181"
      },
      {
        "id": "",
        "name": "89.23.107.168"
      },
      {
        "id": "",
        "name": "89.23.107.123"
      },
      {
        "id": "",
        "name": "89.23.103.97"
      },
      {
        "id": "",
        "name": "89.23.107.113"
      },
      {
        "id": "",
        "name": "89.23.103.8"
      },
      {
        "id": "",
        "name": "89.23.103.56"
      },
      {
        "id": "",
        "name": "89.23.103.57"
      },
      {
        "id": "",
        "name": "89.23.103.253"
      },
      {
        "id": "",
        "name": "89.23.103.205"
      },
      {
        "id": "",
        "name": "89.23.103.188"
      },
      {
        "id": "",
        "name": "89.23.103.15"
      },
      {
        "id": "",
        "name": "89.23.103.118"
      },
      {
        "id": "",
        "name": "89.23.103.123"
      },
      {
        "id": "",
        "name": "89.110.78.58"
      },
      {
        "id": "",
        "name": "82.115.223.234"
      },
      {
        "id": "",
        "name": "84.247.187.231"
      },
      {
        "id": "",
        "name": "79.137.203.158"
      },
      {
        "id": "",
        "name": "78.153.139.202"
      },
      {
        "id": "",
        "name": "62.133.61.98"
      },
      {
        "id": "",
        "name": "62.133.61.97"
      },
      {
        "id": "",
        "name": "62.133.61.90"
      },
      {
        "id": "",
        "name": "62.133.61.79"
      },
      {
        "id": "",
        "name": "62.133.61.69"
      },
      {
        "id": "",
        "name": "62.133.61.73"
      },
      {
        "id": "",
        "name": "62.133.61.49"
      },
      {
        "id": "",
        "name": "62.133.61.37"
      },
      {
        "id": "",
        "name": "62.133.61.240"
      },
      {
        "id": "",
        "name": "62.133.61.207"
      },
      {
        "id": "",
        "name": "62.133.61.189"
      },
      {
        "id": "",
        "name": "62.133.61.168"
      },
      {
        "id": "",
        "name": "62.133.61.155"
      },
      {
        "id": "",
        "name": "62.133.61.148"
      },
      {
        "id": "",
        "name": "62.133.61.106"
      },
      {
        "id": "",
        "name": "62.133.61.104"
      },
      {
        "id": "",
        "name": "46.29.234.129"
      },
      {
        "id": "",
        "name": "62.133.61.101"
      },
      {
        "id": "",
        "name": "45.151.62.238"
      },
      {
        "id": "",
        "name": "212.18.104.111"
      },
      {
        "id": "",
        "name": "200.150.194.109"
      },
      {
        "id": "",
        "name": "206.188.196.28"
      },
      {
        "id": "",
        "name": "194.87.252.22"
      },
      {
        "id": "",
        "name": "194.190.152.108"
      },
      {
        "id": "",
        "name": "193.233.75.13"
      },
      {
        "id": "",
        "name": "191.243.196.114"
      },
      {
        "id": "",
        "name": "185.196.8.158"
      },
      {
        "id": "",
        "name": "185.143.223.188"
      },
      {
        "id": "",
        "name": "178.209.51.222"
      },
      {
        "id": "",
        "name": "168.100.9.199"
      },
      {
        "id": "",
        "name": "151.236.17.180"
      },
      {
        "id": "",
        "name": "147.45.79.82"
      },
      {
        "id": "",
        "name": "147.45.50.86"
      },
      {
        "id": "",
        "name": "147.45.50.57"
      },
      {
        "id": "",
        "name": "147.45.50.34"
      },
      {
        "id": "",
        "name": "147.45.50.23"
      },
      {
        "id": "",
        "name": "147.45.50.26"
      },
      {
        "id": "",
        "name": "147.45.50.214"
      },
      {
        "id": "",
        "name": "147.45.50.172"
      },
      {
        "id": "",
        "name": "147.45.50.144"
      },
      {
        "id": "",
        "name": "147.45.50.142"
      },
      {
        "id": "",
        "name": "141.98.234.166"
      },
      {
        "id": "",
        "name": "147.45.178.54"
      },
      {
        "id": "",
        "name": "104.131.7.207"
      },
      {
        "id": "",
        "name": "193.124.33.71"
      },
      {
        "id": "",
        "name": "91.92.245.222"
      },
      {
        "id": "",
        "name": "62.133.61.56"
      },
      {
        "id": "",
        "name": "62.133.61.43"
      },
      {
        "id": "",
        "name": "62.133.61.26"
      },
      {
        "id": "",
        "name": "91.92.245.185"
      },
      {
        "id": "",
        "name": "91.202.233.136"
      },
      {
        "id": "",
        "name": "http://94.156.64.74/Downloads/SecretTeachings.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://91.92.251.35/Downloads/solaris-docs.lnk"
      },
      {
        "id": "",
        "name": "http://92.118.112.253/Downloads/releaseform.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://91.92.243.198:81/Downloads/test.lnk"
      },
      {
        "id": "",
        "name": "http://89.23.107.67/Downloads/2023-Documents%20Shared.lnk"
      },
      {
        "id": "",
        "name": "http://89.23.107.244/Downloads/Test.lnk"
      },
      {
        "id": "",
        "name": "http://62.133.61.73/Downloads/Photo.lnk"
      },
      {
        "id": "",
        "name": "http://89.23.103.56/Downloads/Videof/Full%20Video%20HD%20%281080p%29.lnk"
      },
      {
        "id": "",
        "name": "http://62.133.61.37/Downloads/config.txt.lnk"
      },
      {
        "id": "",
        "name": "http://62.133.61.104/Downloads/test.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://62.133.61.101/Downloads/Invoice.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://206.188.196.28/Downloads/example.lnk"
      },
      {
        "id": "",
        "name": "http://147.45.50.57/Downloads/INVOICE%20340138551.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://151.236.17.180/Wire%20Confirmation/WireConfirmation.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://147.45.79.82/Downloads/qqeng.pdf.lnk"
      },
      {
        "id": "",
        "name": "http://147.45.50.214/Downloads/demo.pdf.lnk"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:08007c098eb7629c",
        "name": "Deer Stealer",
        "slug": "deer-stealer"
      },
      {
        "id": "legacy:malware:77a1a33455a26f4e",
        "name": "Stealit",
        "slug": "stealit"
      },
      {
        "id": "legacy:malware:1888952317dfd863",
        "name": "SelfAU3",
        "slug": "selfau3"
      },
      {
        "id": "b732c72d-6b65-4bd1-ade4-2709a317deed",
        "name": "ACR Stealer",
        "slug": "acr-stealer"
      },
      {
        "id": "legacy:malware:fb966c131bdd6d80",
        "name": "Meduza Stealer",
        "slug": "meduza-stealer"
      },
      {
        "id": "legacy:malware:ec57094fa2184fd2",
        "name": "CRYPTBOT",
        "slug": "cryptbot"
      },
      {
        "id": "legacy:malware:847c67cbde743e06",
        "name": "DanaBot",
        "slug": "danabot"
      },
      {
        "id": "legacy:malware:05cd583aadd9b90a",
        "name": "DarkGate",
        "slug": "darkgate"
      },
      {
        "id": "legacy:malware:196436899fefaba3",
        "name": "Remcos",
        "slug": "remcos"
      },
      {
        "id": "40393205-bf5e-4be2-a843-8064b1c6c5de",
        "name": "Lumma",
        "slug": "lumma"
      },
      {
        "id": "82e2ea8e-729a-4648-ba23-3a792f53fa15",
        "name": "Xworm",
        "slug": "xworm"
      },
      {
        "id": "legacy:malware:25878cbc384641c1",
        "name": "Redline",
        "slug": "redline"
      },
      {
        "id": "legacy:malware:9976e3cd162fddbc",
        "name": "GuLoader",
        "slug": "guloader"
      },
      {
        "id": "413a5bf2-8213-41d6-9d26-37764b31f1f7",
        "name": "Amadey",
        "slug": "amadey"
      },
      {
        "id": "legacy:malware:5f39db1ddca8d00c",
        "name": "zgRAT",
        "slug": "zgrat"
      },
      {
        "id": "f200fb60-5446-493f-9712-9f26d65956cc",
        "name": "AsyncRAT",
        "slug": "asyncrat"
      }
    ],
    "attack_patterns": [
      {
        "id": "8598a502-2b24-4c8a-8ec3-45179f49e5b7",
        "name": "T1199"
      },
      {
        "id": "a7262c61-4567-4a00-8cec-aae6264234a9",
        "name": "T1218"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Gaming"
      },
      {
        "id": "",
        "name": "Cryptocurrency"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Media"
      },
      {
        "id": "",
        "name": "Financial"
      }
    ]
  },
  "external_refs": [
    "https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/",
    "https://otx.alienvault.com/pulse/66ec7cadd732dd516497e4f8"
  ]
}