Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware
Common Information
| Type | Value |
|---|---|
| UUID | 2fcb5fb7-4997-4949-b850-defa68e56d44 |
| Fingerprint | 217734048bfd7cfadfd086ea6ec167a42cfa3ff2a71b619cfe6a5b9a59915296 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 8, 2024, 8:45 a.m. |
| Added to db | Oct. 14, 2024, 8:27 a.m. |
| Last updated | Oct. 14, 2024, 8:30 a.m. |
| Headline | Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware |
| Title | Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware |
| Detected Hints/Tags/Attributes | 213/4/167 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2024-1009.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 7 | AS399629 |
|
| Details | CVE | 217 | cve-2020-1472 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 3 | supfoundrysettlers.us |
|
| Details | Domain | 85 | onionmail.org |
|
| Details | Domain | 2 | micrsoft-teams-download.com |
|
| Details | Domain | 1 | nnlcrosaftteams-download.pro |
|
| Details | Domain | 1 | microsoftt-teams-download.com |
|
| Details | Domain | 1 | microssoft-teams.com |
|
| Details | Domain | 1 | microsoftt-teams.com |
|
| Details | Domain | 1 | ns-client.net |
|
| Details | Domain | 1 | auttodessk.com |
|
| Details | Domain | 1 | aut0deskk.com |
|
| Details | Domain | 1 | autosdesk.net |
|
| Details | Domain | 1 | zoom-video.org |
|
| Details | Domain | 1 | crystal-maker.com |
|
| Details | Domain | 1 | crystalmaker.pro |
|
| Details | Domain | 1 | webex-up.com |
|
| Details | Domain | 1 | pixalate.us |
|
| Details | Domain | 1 | gang-force.com |
|
| Details | Domain | 2 | prodfindfeatures.com |
|
| Details | Domain | 1 | backuppingplanseasy.com |
|
| Details | Domain | 1 | buydotclearlynet.com |
|
| Details | Domain | 1 | docsfromthewest.com |
|
| Details | Domain | 1 | heartwithinadream.com |
|
| Details | Domain | 1 | itisthebestforyou.eu |
|
| Details | Domain | 1 | firscountryours.eu |
|
| Details | Domain | 2 | codeforprofessionalusers.com |
|
| Details | Domain | 2 | postmastersoriginals.com |
|
| Details | Domain | 2 | retdirectyourman.eu |
|
| Details | Domain | 1 | whereverhomebe.com |
|
| Details | Domain | 1 | yourserenahelpcustom.uk |
|
| Details | Domain | 1 | connectivity-check.linkpc.net |
|
| Details | Domain | 1 | dnsexit.com |
|
| Details | Domain | 1 | time-check-broker.com |
|
| Details | Domain | 1 | metalforthecoredream.com |
|
| Details | Domain | 1 | lakeshorehomebuilders.com |
|
| Details | Domain | 6 | dnsowl.com |
|
| Details | Domain | 1 | basiconlineincome.com |
|
| Details | Domain | 1 | namehero.com |
|
| Details | Domain | 7 | registrar-servers.com |
|
| Details | Domain | 1 | xiongsteng.net |
|
| Details | Domain | 1 | secure.globalsign.com |
|
| Details | Domain | 1 | ocsp.globalsign.com |
|
| Details | Domain | 8 | www.globalsign.com |
|
| Details | Domain | 1 | crl.globalsign.com |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | 1 | estelaosinski@onionmail.org |
||
| Details | 1 | kimigleason@onionmail.org |
||
| Details | 1 | siskollew@onionmail.org |
||
| Details | 1 | jasonwang@xiongsteng.net |
||
| Details | File | 3 | svchost.ps1 |
|
| Details | File | 1 | c:\\users\\xxxx\\desktop\\cleanup.dll |
|
| Details | File | 1 | chrgetpdsi.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 95 | wevtutil.exe |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 19 | criticalbreachdetected.pdf |
|
| Details | File | 1 | 41-x64.exe |
|
| Details | File | 1 | fusionclientdownloader.exe |
|
| Details | File | 2 | msteamssetup_c_l_.exe |
|
| Details | File | 19 | teams.exe |
|
| Details | File | 1 | setup_mst.exe |
|
| Details | File | 1 | http.raw |
|
| Details | File | 1 | parse_http.py |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 3 | chrgetpdsi.txt |
|
| Details | File | 1 | gsgccr45evcodesignca2020.crt |
|
| Details | sha1 | 1 | 259dd0fc59098663c5ecf3b1133b571c03923611 |
|
| Details | sha1 | 1 | 41e964859045d30a84f33d2ea0484d2fe042229c |
|
| Details | sha1 | 1 | bc703ab1aa0fe510b2d4a74eb9271a0ccade2f4c |
|
| Details | sha256 | 1 | 05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041 |
|
| Details | sha256 | 1 | 06dec1d05b77f765b9d12c223d4b7887dc0a526e8d8a790bd2b99346619dc837 |
|
| Details | sha256 | 1 | 077f1659add338e217216acd6f284634977c507f5e2df5ac0e08bcadaef8fd64 |
|
| Details | sha256 | 1 | 0851fd5671640a9acaf688e2886570759364135915f272d4ff7946fe001b3f4c |
|
| Details | sha256 | 1 | 094b9b61f910f45b9896d249e18eec653370da3e80a05f7a86cef57170340f87 |
|
| Details | sha256 | 1 | 0b2fc17409949fead98cac2eeb41442dc394225b8b4025c4f6101b73b515d09b |
|
| Details | sha256 | 1 | 0cace05e3f256ad430fa6e5b42763c977f3b6e19b6a4e18e717a9c209cf2ddc1 |
|
| Details | sha256 | 1 | 0e8837be7802d9cbc0bf01b7701dcc37f906e075c5cbfbe45804f72eaf624756 |
|
| Details | sha256 | 1 | 2261bce086869cb90502272e933f1f356adc886dd8da83e5197923546827f43e |
|
| Details | sha256 | 1 | 2660e5a5b38f32e30293b51e6bb7a2e43caca9d4a17619e17c7fbe93f08c0e26 |
|
| Details | sha256 | 1 | 405486ac746e7dfea797c676ede336fde69cf19cd4249e6d2d8a4d9483617cfe |
|
| Details | sha256 | 1 | 47975a0d9299ba46e2f313c6bc9a47a760c3243509660b9edb83ffbd47e3a98b |
|
| Details | sha256 | 1 | 47e95a56736031567b2a1663410e635627ca812a2926b37f46f2322bbcbc0238 |
|
| Details | sha256 | 1 | 4adfdd5d066fb1f880f02fdd0118095afdf60d644c5df79f43935cfc3b80640e |
|
| Details | sha256 | 1 | 574c70e84ecdad901385a1ebf38f2ee74c446034e97c33949b52f3a2fddcd822 |
|
| Details | sha256 | 1 | 59f9929ed207c31b1d1cdf149ae3bea5d1187453574b405639bbac240ea1b693 |
|
| Details | sha256 | 1 | 5c68fda16039ff29e9bf93c6dac11edbcd111dc8ec29fa499637c43b07039d92 |
|
| Details | sha256 | 1 | 64a45cc8499992de72e4fe8c2a07100e97e333c09c0c004af2b88d8aedcd19f1 |
|
| Details | sha256 | 1 | 82b246d8e6ffba1abaffbd386470c45cef8383ad19394c7c0622c9e62128cb94 |
|
| Details | sha256 | 1 | 8372b173704cf8d8737e426b34efd43fba74c4fcb0a248f6ce72682ebc0bd916 |
|
| Details | sha256 | 1 | 8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650 |
|
| Details | sha256 | 1 | 9601f3921c2cd270b6da0ba265c06bae94fd7d4dc512e8cb82718eaa24accc43 |
|
| Details | sha256 | 1 | a2263d2af40140370f687f4936ef65b82d5f6c85df9e22dfc05ff677f8650ae1 |
|
| Details | sha256 | 1 | bb07c89e9eb29817ca8a70f7c9430d5f4ad82eb525472abe8bad1b161a702584 |
|
| Details | sha256 | 1 | bd5a37a8d2cdc44d60e5f550eb02e84fe41e380c341c404a4ffb71f9fc057e4a |
|
| Details | sha256 | 1 | c095497d1144ceca4cbbbeda19952322aa001e61318d6eecd4e97002f3cfc9aa |
|
| Details | sha256 | 1 | c2e7bf349214d1241cecd30748d392d9b585186fe5d38ec4b2b3d3304be206a3 |
|
| Details | sha256 | 1 | cfc2fe7236da1609b0db1b2981ca318bfd5fbbb65c945b5f26df26d9f948cbb4 |
|
| Details | sha256 | 1 | cfe29f17a6a3df92015c8fc4c3d1365b40ab174322791c3643ed6480c1fb4349 |
|
| Details | sha256 | 1 | d4e4deab561d478084ac29751e5073de9b7ffd55fa8b408c5c76fedd3fe02f6c |
|
| Details | sha256 | 1 | d80239bb3299b1086f2ad5fc4690973604a770aafc84d21fecf0ae8004be9750 |
|
| Details | sha256 | 1 | d9ffcca98671ccb2ff42d26d98be3b30b636930cc63149895b842f834871ebe3 |
|
| Details | sha256 | 1 | e1be0e3707f67d03eaa8ac4b14b8b7cd7fc665f13a15aa8087b34cbde07116fd |
|
| Details | sha256 | 1 | e45802322835286cfe3993fe8e49a793acd705755d57d8fc007341bf3b842518 |
|
| Details | sha256 | 1 | e60cab41b7602209c1660bc518b1f7b639ab45e60bbedf3b23757e4937c24fc4 |
|
| Details | sha256 | 1 | f066cff7172a39cf7910142687ec877f428b4a352e16077a2fea712c525e932c |
|
| Details | sha256 | 1 | fd22df004b61809b110c6b4cbc9ddeb6df31edaa1f889ed501b4d516869e1efb |
|
| Details | sha256 | 1 | 72c7e22177b612254f40c5b5bc1555b5dca86e2e15e0f48551c946972160c2c5 |
|
| Details | sha256 | 1 | ae939063c8f4ed91848fbdeff3ac98c17b404649706d7a3805c05e686b2e478c |
|
| Details | sha256 | 1 | 34605c0dfbabf7ce8836091dc760a073da37f1ab35ef3e33f13117bcf044d07e |
|
| Details | sha256 | 1 | d40461331f4511c27611f6cba2af831aaa0789990c8387f6ec7bc0bf54b10961 |
|
| Details | sha256 | 1 | 687459d587df273184469f7e707c0e5db8fe4e3d4b15756d666891127851680b |
|
| Details | sha256 | 7 | a864282fea5a536510ae86c77ce46f7827687783628e4f2ceb5bf2c41b8cd3c6 |
|
| Details | sha256 | 1 | d7ba9881345d71862a68080d210643e2c2d3e17fd13065385edcd3b3391898c3 |
|
| Details | IBM X-Force - Threat Group Enumeration | 28 | ITG23 |
|
| Details | IPv4 | 4 | 172.16.1.2 |
|
| Details | IPv4 | 1 | 192.168.60.131 |
|
| Details | IPv4 | 1 | 45.61.136.244 |
|
| Details | IPv4 | 1 | 162.33.178.137 |
|
| Details | IPv4 | 1 | 45.61.136.48 |
|
| Details | IPv4 | 1 | 67.217.228.11 |
|
| Details | IPv4 | 1 | 67.217.228.136 |
|
| Details | IPv4 | 1 | 64.95.13.77 |
|
| Details | IPv4 | 1 | 45.61.136.85 |
|
| Details | IPv4 | 1 | 67.217.228.171 |
|
| Details | IPv4 | 1 | 162.33.179.46 |
|
| Details | IPv4 | 1 | 162.33.179.222 |
|
| Details | IPv4 | 1 | 64.95.13.98 |
|
| Details | IPv4 | 2 | 206.71.149.46 |
|
| Details | IPv4 | 1 | 0.5.2.41 |
|
| Details | IPv4 | 1 | 216.245.184.129 |
|
| Details | IPv4 | 1 | 64.94.84.61 |
|
| Details | IPv4 | 1 | 149.248.78.182 |
|
| Details | IPv4 | 2 | 162.33.178.83 |
|
| Details | IPv4 | 1 | 193.149.190.10 |
|
| Details | IPv4 | 2 | 162.19.237.181 |
|
| Details | IPv4 | 2 | 51.195.232.46 |
|
| Details | IPv4 | 2 | 139.99.221.140 |
|
| Details | IPv4 | 2 | 206.166.251.114 |
|
| Details | IPv4 | 2 | 64.95.10.243 |
|
| Details | IPv4 | 2 | 149.248.79.62 |
|
| Details | IPv4 | 1 | 45.66.248.78 |
|
| Details | IPv4 | 1 | 91.240.118.215 |
|
| Details | IPv4 | 1 | 141.255.166.66 |
|
| Details | IPv4 | 1 | 213.109.202.161 |
|
| Details | IPv4 | 1 | 5.255.106.234 |
|
| Details | IPv4 | 56 | 1.3.6.1 |
|
| Details | IPv4 | 4 | 2.23.140.1 |
|
| Details | MITRE ATT&CK Techniques | 82 | T1583.001 |
|
| Details | MITRE ATT&CK Techniques | 62 | T1583.003 |
|
| Details | MITRE ATT&CK Techniques | 32 | T1583.004 |
|
| Details | MITRE ATT&CK Techniques | 96 | T1587.001 |
|
| Details | MITRE ATT&CK Techniques | 18 | T1588.004 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 43 | T1078.003 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1203 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 208 | T1068 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | Url | 1 | http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt |
|
| Details | Url | 1 | http://ocsp.globalsign.com/gsgccr45evcodesignca2020 |
|
| Details | Url | 1 | https://www.globalsign.com/repository |
|
| Details | Url | 1 | http://crl.globalsign.com/gsgccr45evcodesignca2020.crl |