Emerging Threat: Uncovering Rhysida and their activities
Common Information
Type Value
UUID 56c9b1fe-c6a0-46b9-9d65-7876e9f24812
Fingerprint ae990c9ab3bd4a9ddad8789f4a02e12ad761664643b837ebc63a31ab36304318
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 26, 2023, 10:11 a.m.
Added to db June 5, 2024, 1:14 p.m.
Last updated Aug. 31, 2024, 7:29 a.m.
Headline Emerging Threat: Uncovering Rhysida and their activities
Title Emerging Threat: Uncovering Rhysida and their activities
Detected Hints/Tags/Attributes 267/4/141
Attributes
Details Type #Events CTI Value
Details CVE 217 cve-2020-1472
Details Domain 22 www.logpoint.com
Details Domain 7 ransomware.live
Details Domain 911 any.run
Details Domain 35 myip.opendns.com
Details Domain 35 resolver1.opendns.com
Details Domain 3 s1.host
Details Domain 3 s2.host
Details Domain 7 system.hiv
Details File 39 www.log
Details File 1208 powershell.exe
Details File 1 rhysida.exe
Details File 2 c:\users\public\bg.jpg
Details File 2125 cmd.exe
Details File 14 bg.jpg
Details File 291 user32.dll
Details File 1018 rundll32.exe
Details File 5 g.ps1
Details File 8 wevutil.exe
Details File 59 ntdsutil.exe
Details File 351 recycle.bin
Details File 1 initialisationscript.ps1
Details File 143 thumbs.db
Details File 1 'criticalbreachdetected.pdf
Details File 409 c:\windows\system32\cmd.exe
Details File 6 c:\programdata\anydesk.exe
Details File 19 criticalbreachdetected.pdf
Details File 323 winword.exe
Details File 199 excel.exe
Details File 92 powerpnt.exe
Details File 102 mspub.exe
Details File 86 visio.exe
Details File 173 outlook.exe
Details File 91 msaccess.exe
Details File 57 eqnedt32.exe
Details File 74 onenote.exe
Details File 8 wordview.exe
Details File 13 appvlp.exe
Details File 17 bash.exe
Details File 63 bitsadmin.exe
Details File 5 certoc.exe
Details File 226 certutil.exe
Details File 47 cmstp.exe
Details File 55 control.exe
Details File 155 cscript.exe
Details File 93 curl.exe
Details File 33 forfiles.exe
Details File 34 hh.exe
Details File 7 ieexec.exe
Details File 83 installutil.exe
Details File 44 javaw.exe
Details File 12 mftrace.exe
Details File 10 compiler.exe
Details File 149 msbuild.exe
Details File 33 msdt.exe
Details File 456 mshta.exe
Details File 5 msidb.exe
Details File 269 msiexec.exe
Details File 23 msxsl.exe
Details File 22 odbcconf.exe
Details File 18 pcalua.exe
Details File 35 pwsh.exe
Details File 103 regasm.exe
Details File 72 regsvcs.exe
Details File 459 regsvr32.exe
Details File 249 schtasks.exe
Details File 23 scrcons.exe
Details File 16 scriptrunner.exe
Details File 16 sh.exe
Details File 1122 svchost.exe
Details File 17 verclsid.exe
Details File 240 wmic.exe
Details File 9 workfolders.exe
Details File 376 wscript.exe
Details File 165 reg.exe
Details File 12 backgrounddownload.exe
Details File 8 c:\windows\system32\cleanmgr.exe
Details File 198 msmpeng.exe
Details File 6 c:\windows\syswow64\onedrivesetup.exe
Details File 97 mpcmdrun.exe
Details File 6 vs_setup_bootstrapper.exe
Details File 11 dismhost.exe
Details File 95 wevtutil.exe
Details File 118 sc.exe
Details File 256 net.exe
Details File 48 net1.exe
Details File 5 ntdsdump.exe
Details File 4 ntdsdumpex.exe
Details File 3 ntdsutl.exe
Details File 3 ntdsgrab.ps1
Details File 62 whoami.exe
Details File 49 nltest.exe
Details File 51 ipconfig.exe
Details File 61 systeminfo.exe
Details File 11 route.exe
Details File 17 quser.exe
Details File 12 qwinsta.exe
Details File 46 netstat.exe
Details File 10 nbtstat.exe
Details File 5 psexecsvc.exe
Details File 31 psexesvc.exe
Details File 345 vssadmin.exe
Details File 23 diskshadow.exe
Details File 43 wbadmin.exe
Details MITRE ATT&CK Techniques 67 T1003.003
Details MITRE ATT&CK Techniques 27 T1003.006
Details MITRE ATT&CK Techniques 16 T1003.004
Details MITRE ATT&CK Techniques 173 T1003.001
Details MITRE ATT&CK Techniques 43 T1003.002
Details MITRE ATT&CK Techniques 99 T1087.002
Details MITRE ATT&CK Techniques 72 T1087.001
Details MITRE ATT&CK Techniques 585 T1083
Details MITRE ATT&CK Techniques 1006 T1082
Details MITRE ATT&CK Techniques 19 T1406
Details MITRE ATT&CK Techniques 245 T1016
Details MITRE ATT&CK Techniques 298 T1562.001
Details MITRE ATT&CK Techniques 92 T1070.001
Details MITRE ATT&CK Techniques 297 T1070.004
Details MITRE ATT&CK Techniques 66 T1564.003
Details MITRE ATT&CK Techniques 460 T1059.001
Details MITRE ATT&CK Techniques 333 T1059.003
Details MITRE ATT&CK Techniques 420 T1204
Details MITRE ATT&CK Techniques 310 T1047
Details MITRE ATT&CK Techniques 275 T1053.005
Details MITRE ATT&CK Techniques 208 T1068
Details MITRE ATT&CK Techniques 409 T1566
Details MITRE ATT&CK Techniques 306 T1078
Details MITRE ATT&CK Techniques 159 T1095
Details MITRE ATT&CK Techniques 141 T1219
Details MITRE ATT&CK Techniques 100 T1567.002
Details MITRE ATT&CK Techniques 118 T1570
Details MITRE ATT&CK Techniques 59 T1021.004
Details MITRE ATT&CK Techniques 160 T1021.001
Details MITRE ATT&CK Techniques 472 T1486
Details MITRE ATT&CK Techniques 16 T1657
Details MITRE ATT&CK Techniques 276 T1490
Details Windows Registry Key 37 HKCU\Control
Details Windows Registry Key 2 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Details Windows Registry Key 2 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Details Windows Registry Key 2 HKCU\Conttol
Details Windows Registry Key 7 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System