Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot
Common Information
| Type | Value |
|---|---|
| UUID | 452a0499-dcc1-431f-a036-47f1547be7df |
| Fingerprint | 4771179c34a396c950510caf8d4eb983fd1d478f38373fea0b273d1719c80d88 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 2, 2020, 5:33 p.m. |
| Added to db | March 10, 2024, 1 a.m. |
| Last updated | Aug. 31, 2024, 2:38 a.m. |
| Headline | Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot |
| Title | Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot |
| Detected Hints/Tags/Attributes | 92/2/66 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2020-1203.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 59 | cve-2018-15982 |
|
| Details | CVE | 128 | cve-2019-11510 |
|
| Details | CVE | 106 | cve-2018-8174 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | File | 10 | md.exe |
|
| Details | File | 10 | rdp.bat |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 9 | recover-files.txt |
|
| Details | File | 1 | dtb.dat |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 63 | thunderbird.exe |
|
| Details | File | 74 | procmon.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 46 | msftesql.exe |
|
| Details | File | 58 | sqlagent.exe |
|
| Details | File | 62 | sqlbrowser.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 57 | ocssd.exe |
|
| Details | File | 61 | dbsnmp.exe |
|
| Details | File | 57 | synctime.exe |
|
| Details | File | 57 | agntsvc.exe |
|
| Details | File | 54 | isqlplussvc.exe |
|
| Details | File | 56 | xfssvccon.exe |
|
| Details | File | 60 | mydesktopservice.exe |
|
| Details | File | 57 | ocautoupds.exe |
|
| Details | File | 57 | encsvc.exe |
|
| Details | File | 41 | firefoxconfig.exe |
|
| Details | File | 55 | tbirdconfig.exe |
|
| Details | File | 57 | mydesktopqos.exe |
|
| Details | File | 57 | ocomm.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 43 | mysqld-nt.exe |
|
| Details | File | 40 | mysqld-opt.exe |
|
| Details | File | 58 | dbeng50.exe |
|
| Details | File | 55 | sqbcoreservice.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 52 | infopath.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 102 | mspub.exe |
|
| Details | File | 74 | onenote.exe |
|
| Details | File | 92 | powerpnt.exe |
|
| Details | File | 58 | thebat.exe |
|
| Details | File | 99 | steam.exe |
|
| Details | File | 35 | thebat64.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 90 | wordpad.exe |
|
| Details | File | 19 | qbw32.exe |
|
| Details | File | 6 | qbw64.exe |
|
| Details | File | 6 | ipython.exe |
|
| Details | File | 6 | wpython.exe |
|
| Details | File | 65 | python.exe |
|
| Details | File | 30 | dumpcap.exe |
|
| Details | File | 27 | procmon64.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 40 | procexp64.exe |