SPYWARE STEALER LOCKER WIPER
Common Information
| Type | Value |
|---|---|
| UUID | 1812c055-5aa9-4d97-a3c2-6e6ccbfcb7ae |
| Fingerprint | ea185047a7aff8dba5ad0da985c97e3eaa068fe97ceae17114d2029bd04529c2 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | March 13, 2020, 3:44 p.m. |
| Added to db | March 12, 2024, 7:19 p.m. |
| Last updated | Aug. 31, 2024, 5:08 a.m. |
| Headline | SPYWARE STEALER LOCKER WIPER |
| Title | SPYWARE STEALER LOCKER WIPER |
| Detected Hints/Tags/Attributes | 236/4/211 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 19 | cve-2019-0859 |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 136 | mail.com |
|
| Details | Domain | 155 | yandex.com |
|
| Details | Domain | 13 | o2.pl |
|
| Details | Domain | 6 | protonmail.co |
|
| Details | Domain | 167 | tutanota.com |
|
| Details | Domain | 34 | www.paloaltonetworks.com |
|
| Details | Domain | 7 | www.theatlantic.com |
|
| Details | Domain | 17 | www.varonis.com |
|
| Details | Domain | 2 | cdn.www.carbonblack.com |
|
| Details | Domain | 145 | threatpost.com |
|
| Details | Domain | 124 | www.nytimes.com |
|
| Details | Domain | 111 | www.justice.gov |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 177 | www.wired.com |
|
| Details | Domain | 122 | www.kaspersky.com |
|
| Details | Domain | 45 | www.whitehouse.gov |
|
| Details | Domain | 145 | www.us-cert.gov |
|
| Details | Domain | 4 | rity.com |
|
| Details | Domain | 6 | www.globenewswire.com |
|
| Details | Domain | 2 | cyberveille-sante.gouv.fr |
|
| Details | Domain | 65 | www.cert.ssi.gouv.fr |
|
| Details | Domain | 4 | sectigo.com |
|
| Details | Domain | 11 | blog.f-secure.com |
|
| Details | Domain | 5 | labs.vipre.com |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 20 | sentinelone.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 2 | www.hydro.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 123 | www.reuters.com |
|
| Details | Domain | 11 | doublepulsar.com |
|
| Details | Domain | 5 | www.nrk.no |
|
| Details | Domain | 2 | bulletin.com |
|
| Details | Domain | 41 | www.cisecurity.org |
|
| Details | Domain | 80 | portal.msrc.microsoft.com |
|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 2 | www.ninjarmm.com |
|
| Details | Domain | 14 | wsj.com |
|
| Details | Domain | 2 | www.aftenposten.no |
|
| Details | Domain | 2 | e24.no |
|
| Details | Domain | 2 | www.regjeringen.no |
|
| Details | Domain | 3 | www.msspalert.com |
|
| Details | Domain | 184 | www.fireeye.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 35 | www.vice.com |
|
| Details | Domain | 24 | scmagazine.com |
|
| Details | Domain | 33 | darkreading.com |
|
| Details | Domain | 115 | sophos.com |
|
| Details | Domain | 6 | digitalguardian.com |
|
| Details | Domain | 3 | www.accenture |
|
| Details | Domain | 26 | www.accenture.com |
|
| Details | Domain | 114 | dragos.com |
|
| Details | Domain | 4 | www.otorio.com |
|
| Details | Domain | 44 | www.bloomberg.com |
|
| Details | Domain | 9 | pylos.co |
|
| Details | Domain | 9 | theregister.co.uk |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 31 | www.pcworld.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 151 | www.bbc.com |
|
| Details | Domain | 5 | blog.comae.io |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 8 | www.nato.int |
|
| Details | Domain | 83 | www.theguardian.com |
|
| Details | Domain | 49 | home.treasury.gov |
|
| Details | Domain | 17 | www.politico.eu |
|
| Details | Domain | 2 | www.insurancejournal.com |
|
| Details | 8 | dharmaparrack@protonmail.com |
||
| Details | 8 | wyattpettigrew8922555@mail.com |
||
| Details | 3 | mcrypt2019@yandex.com |
||
| Details | 2 | pettigrew8922555@mail.com |
||
| Details | 2 | verneteithan@protonmail.com |
||
| Details | 2 | climprout1538818@mail.com |
||
| Details | 8 | mayarchenot@protonmail.com |
||
| Details | 7 | sayanwalsworth96@protonmail.com |
||
| Details | 8 | suzumcpherson@protonmail.com |
||
| Details | 2 | phanthavongsaneveyah@protonmail.co |
||
| Details | 8 | romanchukeyla@protonmail.com |
||
| Details | 6 | schreibereleonora@protonmail.com |
||
| Details | 2 | drillockmorgen@protonmail.com |
||
| Details | 9 | abbschevis@protonmail.com |
||
| Details | 8 | cottleakela@protonmail.com |
||
| Details | 2 | kv8f6fx@protonmail.com |
||
| Details | 2 | kv8f6fx@tutanota.com |
||
| Details | File | 8 | o2.pl |
|
| Details | File | 2 | somware_timeline_carbon_black.jpg |
|
| Details | File | 2 | uk-national-health-service-cyberattack.html |
|
| Details | File | 3 | ransomware-hackers.html |
|
| Details | File | 2 | altran-technologies-update-on-the-cyber-attack.html |
|
| Details | File | 141 | www.cer |
|
| Details | File | 2 | certfr-2019-act-005.pdf |
|
| Details | File | 2 | ga-ransomeware-targeting-critical-infrastructure.html |
|
| Details | File | 2 | exclusive-how-the-norsk-hydro-cyberattack-unfolded.html |
|
| Details | File | 3 | lockergoga.html |
|
| Details | File | 2 | 2312363-nederlandse-bedrijven-slachtoffer-van-geavanceerde-gijzelsoftware.html |
|
| Details | File | 29 | www.reg |
|
| Details | File | 4 | pick-six-intercepting-a-fin6-intrusion.html |
|
| Details | File | 4 | accenture-technical-analysis-megacortex.pdf |
|
| Details | File | 3 | us.html |
|
| Details | File | 2 | vb2018-naumaan.pdf |
|
| Details | File | 2 | coverable-even-by-the-attacker.html |
|
| Details | File | 6 | the-medoc-connection.html |
|
| Details | File | 2 | opinions_154462.htm |
|
| Details | File | 2 | 550039.htm |
|
| Details | File | 2 | insurance-notpetya-attack.html |
|
| Details | File | 3 | target-security-breach-settlement.html |
|
| Details | Github username | 3 | leo-stone |
|
| Details | IPv4 | 4 | 0.9.9.0 |
|
| Details | IPv4 | 24 | 1.0.1.0 |
|
| Details | IPv4 | 10 | 1.0.2.0 |
|
| Details | IPv4 | 17 | 1.1.0.0 |
|
| Details | IPv4 | 14 | 1.1.1.0 |
|
| Details | IPv4 | 11 | 1.2.0.0 |
|
| Details | IPv4 | 3 | 1.3.2.0 |
|
| Details | IPv4 | 4 | 1.4.4.0 |
|
| Details | IPv4 | 2 | 1.4.4.1 |
|
| Details | IPv4 | 4 | 1.5.1.0 |
|
| Details | IPv4 | 9 | 1.3.3.7 |
|
| Details | Threat Actor Identifier - FIN | 73 | FIN6 |
|
| Details | Url | 2 | https://www.theatlantic.com/technology/archive/2016/05 |
|
| Details | Url | 1 | https://www.sciencedirect |
|
| Details | Url | 2 | https://www.varonis.com/blog/cryptolocker |
|
| Details | Url | 2 | https://cdn.www.carbonblack.com/wp-content/uploads/2016/09/ran- |
|
| Details | Url | 2 | https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html |
|
| Details | Url | 2 | https://www.symantec |
|
| Details | Url | 2 | https://www.justice.gov/opa/pr/north-korean-regime-backed-program- |
|
| Details | Url | 2 | https://www.zdnet.com/article/how-us-authorities-tracked- |
|
| Details | Url | 2 | https://securelist.com/wannacry-and-lazarus-group-the-missing-link/78431 |
|
| Details | Url | 3 | https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html |
|
| Details | Url | 2 | https://www.kaspersky.com/blog/new-ransomware-epidemics/17314 |
|
| Details | Url | 2 | https://www.whitehouse.gov/brief- |
|
| Details | Url | 3 | https://www.us-cert.gov/ncas/alerts/ta17-181a |
|
| Details | Url | 3 | https://www.welivesecu |
|
| Details | Url | 2 | https://www.globenewswire.com/news-re- |
|
| Details | Url | 7 | https://www.bleepingcomputer |
|
| Details | Url | 2 | https://cyberveille-sante.gouv.fr/cyberveille/1166-le-ransomware-lockergoga-identifie-lors-dune-at- |
|
| Details | Url | 2 | https://www.cert.ssi.gouv |
|
| Details | Url | 2 | https://sectigo.com/comodo |
|
| Details | Url | 2 | https://blog.f-secure.com/analysis-of-lockergoga-ransom- |
|
| Details | Url | 2 | https://labs.vipre.com |
|
| Details | Url | 2 | https://www.fortinet.com/blog/threat-research/lockergo- |
|
| Details | Url | 3 | https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks |
|
| Details | Url | 2 | https://www.hydro.com/en/media/news/2019/hydro- |
|
| Details | Url | 2 | https://www.hydro.com/en/media |
|
| Details | Url | 2 | https://www.bleepingcomputer.com/news/security/lockergoga-ransom- |
|
| Details | Url | 2 | https://www.reuters.com/article/us-norsk-hydro-cyber |
|
| Details | Url | 2 | https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks- |
|
| Details | Url | 2 | https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202 |
|
| Details | Url | 2 | https://www.metal |
|
| Details | Url | 2 | https://www.nrk.no/norge |
|
| Details | Url | 13 | https://www.cisecurity.org |
|
| Details | Url | 7 | https://www.bleepingcomputer.com/news/security |
|
| Details | Url | 2 | https://portal.msrc.microsoft.com |
|
| Details | Url | 2 | https://news.sophos.com/en-us/2019/10/04 |
|
| Details | Url | 2 | https://www.ninjarmm.com/blog |
|
| Details | Url | 4 | https://blog.talosintelligence |
|
| Details | Url | 2 | https://www.wsj.com/articles/investigators-warned-other-companies-after-norsk-hydro-attack-11566552601 |
|
| Details | Url | 2 | https://www.aftenposten.no/norge/i |
|
| Details | Url | 2 | https://e24.no/teknologi/i/9vg6r5 |
|
| Details | Url | 3 | https://www.wired.com/story |
|
| Details | Url | 2 | https://www.regjeringen.no/en/dokumenter |
|
| Details | Url | 3 | https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html |
|
| Details | Url | 4 | https://attack.mitre.org/groups/g0037 |
|
| Details | Url | 3 | https://www.cert.ssi.gouv.fr/alerte/certfr-2019-ale-003 |
|
| Details | Url | 2 | https://www.cert.ssi.gouv.fr/uploads |
|
| Details | Url | 2 | https://www.vice.com/en_us/article/8xyj7g/ransomware-forces-two-chemi- |
|
| Details | Url | 2 | https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/fbi-issues-alert-for-lockergoga-and-megacortex-ransom- |
|
| Details | Url | 3 | https://www.accenture |
|
| Details | Url | 3 | https://www.accenture.com/_acnmedia/pdf-106/accenture-technical-analysis-megacortex.pdf |
|
| Details | Url | 2 | https://dragos.com/blog/industry-news |
|
| Details | Url | 2 | https://www.otorio.com |
|
| Details | Url | 6 | https://www.bloomberg.com/news |
|
| Details | Url | 2 | https://pylos.co/2020/01/28 |
|
| Details | Url | 2 | https://securelist.com/shamoon-the- |
|
| Details | Url | 2 | https://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets- |
|
| Details | Url | 2 | https://www.virusbulletin |
|
| Details | Url | 4 | https://unit42.paloaltonetworks |
|
| Details | Url | 2 | https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges- |
|
| Details | Url | 3 | https://www.wired |
|
| Details | Url | 2 | https://www.us-cert.gov/ics/alerts/ir-alert-h-16-056-01 |
|
| Details | Url | 2 | https://securelist.com/a- |
|
| Details | Url | 2 | https://www.pcworld.com/article/3022162/faulty-ransomware-renders-files-unre- |
|
| Details | Url | 8 | https://blog.malwarebytes.com |
|
| Details | Url | 2 | https://github.com/leo-stone/hack-petya |
|
| Details | Url | 3 | https://www.crowdstrike.com/blog |
|
| Details | Url | 2 | https://www.symantec.com/blogs |
|
| Details | Url | 6 | https://www.bbc.com/news |
|
| Details | Url | 3 | https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b |
|
| Details | Url | 2 | https://blog.comae.io |
|
| Details | Url | 4 | https://blog.talosintelligence.com/2017/07/the-medoc-connection.html |
|
| Details | Url | 2 | https://www.welivesecurity.com/2017/06/30 |
|
| Details | Url | 2 | https://www.nato.int/cps/en/natohq/opinions_154462.htm |
|
| Details | Url | 2 | https://www.darktrace.com/en/blog/big-game-hunting-how-ryuk-ransomware-takes-down-its-imposing-targets |
|
| Details | Url | 1 | https://www.axios.com/russia-spies-working-with-cyber-criminals-5c2f12f7-8f25-419a-a850-3bc89de346a3. |
|
| Details | Url | 2 | https://www.zdnet.com/article/disorganized-crime-and-state- |
|
| Details | Url | 2 | https://www.theguardian.com/technology/2019/aug/08 |
|
| Details | Url | 2 | https://home.treasury.gov/news/press-releases/sm0312 |
|
| Details | Url | 4 | https://www.justice.gov/opa/pr |
|
| Details | Url | 2 | https://www.politico.eu |
|
| Details | Url | 2 | https://www.wired.com/story/russian-hackers-attack-ukraine |
|
| Details | Url | 2 | https://www.insurancejournal.com/news/nation- |
|
| Details | Url | 2 | https://www.nytimes.com/2019/04/15/technology/cyber- |
|
| Details | Url | 9 | https://www.nytimes |
|
| Details | Url | 3 | https://www.reuters.com/article |