RANSOMWARE UNCOVERED 2020—2021
Common Information
| Type | Value |
|---|---|
| UUID | 58c0ee62-7daf-40d6-b242-7a9fbabe5f7d |
| Fingerprint | bd55298108e3ec88c17835670d0fa988d68efdfecf678e6c05c5f283fcd5e26b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 2, 2021, 9:29 p.m. |
| Added to db | March 10, 2024, 12:42 a.m. |
| Last updated | Aug. 31, 2024, 3:11 a.m. |
| Headline | RANSOMWARE UNCOVERED 2020—2021 |
| Title | RANSOMWARE UNCOVERED 2020—2021 |
| Detected Hints/Tags/Attributes | 833/4/229 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 150 | cve-2018-13379 |
|
| Details | CVE | 161 | cve-2019-19781 |
|
| Details | CVE | 66 | cve-2019-2725 |
|
| Details | CVE | 128 | cve-2019-11510 |
|
| Details | CVE | 15 | cve-2019-11539 |
|
| Details | CVE | 67 | cve-2019-18935 |
|
| Details | CVE | 77 | cve-2020-5902 |
|
| Details | CVE | 71 | cve-2020-0688 |
|
| Details | CVE | 19 | cve-2019-0859 |
|
| Details | CVE | 49 | cve-2018-8453 |
|
| Details | CVE | 126 | cve-2017-0144 |
|
| Details | CVE | 217 | cve-2020-1472 |
|
| Details | Domain | 35 | group-ib.com |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 6 | winscp.com |
|
| Details | Domain | 9 | cert-gib.com |
|
| Details | Domain | 101 | www.group-ib.com |
|
| Details | 9 | response@cert-gib.com |
||
| Details | 1 | ransomware@group-ib.com |
||
| Details | 22 | info@group-ib.com |
||
| Details | File | 1208 | powershell.exe |
|
| Details | File | 155 | cscript.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 1 | af3ee51.exe |
|
| Details | File | 15 | ips.txt |
|
| Details | File | 1 | n.ps1 |
|
| Details | File | 122 | psexec.exe |
|
| Details | File | 1 | c:\n.ps1 |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 5 | comps.txt |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | ry.exe |
|
| Details | File | 1 | %appdata%\ry.exe |
|
| Details | File | 9 | c:\windows\system32\userinit.exe |
|
| Details | File | 7 | c:\windows\system32\sethc.exe |
|
| Details | File | 13 | sdbinst.exe |
|
| Details | File | 1 | %temp%\sdb52b8.tmp |
|
| Details | File | 1 | mswinload0.dll |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 33 | sethc.exe |
|
| Details | File | 62 | fodhelper.exe |
|
| Details | File | 9 | wsreset.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | q.dll |
|
| Details | File | 2 | c:\windows\q.dll |
|
| Details | File | 95 | wevtutil.exe |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 76 | ping.exe |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 1 | pcro.exe |
|
| Details | File | 149 | msbuild.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 1 | c:\flopers\flopers2\bilore.dll |
|
| Details | File | 165 | reg.exe |
|
| Details | File | 53 | adfind.exe |
|
| Details | File | 16 | ad_users.txt |
|
| Details | File | 16 | ad_computers.txt |
|
| Details | File | 12 | ad_ous.txt |
|
| Details | File | 7 | ad_subnets.txt |
|
| Details | File | 12 | ad_group.txt |
|
| Details | File | 6 | ad_trustdmp.txt |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 1 | 04.7z |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 63 | bitsadmin.exe |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 45.153.242.129 |
|
| Details | IPv4 | 1 | 185.236.201.102 |
|
| Details | MITRE ATT&CK Techniques | 191 | T1133 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 207 | T1547 |
|
| Details | MITRE ATT&CK Techniques | 78 | T1548 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1197 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 125 | T1110 |
|
| Details | MITRE ATT&CK Techniques | 109 | T1210 |
|
| Details | MITRE ATT&CK Techniques | 157 | T1560 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1030 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | MITRE ATT&CK Techniques | 542 | T1190 |
|
| Details | MITRE ATT&CK Techniques | 239 | T1106 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1136 |
|
| Details | MITRE ATT&CK Techniques | 208 | T1068 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 65 | T1069 |
|
| Details | MITRE ATT&CK Techniques | 163 | T1573 |
|
| Details | MITRE ATT&CK Techniques | 172 | T1555 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1570 |
|
| Details | MITRE ATT&CK Techniques | 534 | T1005 |
|
| Details | MITRE ATT&CK Techniques | 126 | T1567 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 122 | T1543 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 265 | T1222 |
|
| Details | MITRE ATT&CK Techniques | 243 | T1018 |
|
| Details | MITRE ATT&CK Techniques | 96 | T1132 |
|
| Details | MITRE ATT&CK Techniques | 152 | T1056 |
|
| Details | MITRE ATT&CK Techniques | 159 | T1021 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1039 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1537 |
|
| Details | MITRE ATT&CK Techniques | 58 | T1498 |
|
| Details | MITRE ATT&CK Techniques | 8 | T1200 |
|
| Details | MITRE ATT&CK Techniques | 78 | T1569 |
|
| Details | MITRE ATT&CK Techniques | 43 | T1546 |
|
| Details | MITRE ATT&CK Techniques | 107 | T1564 |
|
| Details | MITRE ATT&CK Techniques | 124 | T1482 |
|
| Details | MITRE ATT&CK Techniques | 75 | T1001 |
|
| Details | MITRE ATT&CK Techniques | 289 | T1003 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1550 |
|
| Details | MITRE ATT&CK Techniques | 52 | T1199 |
|
| Details | MITRE ATT&CK Techniques | 420 | T1204 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | MITRE ATT&CK Techniques | 235 | T1562 |
|
| Details | MITRE ATT&CK Techniques | 168 | T1046 |
|
| Details | MITRE ATT&CK Techniques | 41 | T1008 |
|
| Details | MITRE ATT&CK Techniques | 27 | T1558 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1047 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 25 | T1104 |
|
| Details | MITRE ATT&CK Techniques | 113 | T1552 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1505 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 245 | T1016 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 627 | T1027 |
|
| Details | MITRE ATT&CK Techniques | 119 | T1049 |
|
| Details | MITRE ATT&CK Techniques | 95 | T1572 |
|
| Details | MITRE ATT&CK Techniques | 121 | T1218 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 152 | T1090 |
|
| Details | MITRE ATT&CK Techniques | 56 | T1553 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1007 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1219 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1127 |
|
| Details | MITRE ATT&CK Techniques | 185 | T1518 |
|
| Details | MITRE ATT&CK Techniques | 238 | T1497 |
|
| Details | MITRE ATT&CK Techniques | 176 | T1135 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1110.001 |
|
| Details | MITRE ATT&CK Techniques | 12 | T1110.004 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 333 | T1059.003 |
|
| Details | MITRE ATT&CK Techniques | 137 | T1059.005 |
|
| Details | MITRE ATT&CK Techniques | 93 | T1059.007 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 20 | T1547.004 |
|
| Details | MITRE ATT&CK Techniques | 22 | T1546.003 |
|
| Details | MITRE ATT&CK Techniques | 14 | T1546.008 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1546.011 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1546.012 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 104 | T1505.003 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1548.002 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1055.001 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1055.012 |
|
| Details | MITRE ATT&CK Techniques | 7 | T1055.013 |
|
| Details | MITRE ATT&CK Techniques | 9 | T1055.004 |
|
| Details | MITRE ATT&CK Techniques | 13 | T1564.004 |
|
| Details | MITRE ATT&CK Techniques | 4 | T1564.006 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1562.004 |
|
| Details | MITRE ATT&CK Techniques | 92 | T1070.001 |
|
| Details | MITRE ATT&CK Techniques | 297 | T1070.004 |
|
| Details | MITRE ATT&CK Techniques | 57 | T1036.004 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1036.005 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1027.002 |
|
| Details | MITRE ATT&CK Techniques | 26 | T1027.003 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1027.004 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1218.005 |
|
| Details | MITRE ATT&CK Techniques | 39 | T1218.007 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1218.010 |
|
| Details | MITRE ATT&CK Techniques | 119 | T1218.011 |
|
| Details | MITRE ATT&CK Techniques | 55 | T1553.002 |
|
| Details | MITRE ATT&CK Techniques | 10 | T1127.001 |
|
| Details | MITRE ATT&CK Techniques | 97 | T1497.001 |
|
| Details | MITRE ATT&CK Techniques | 57 | T1497.003 |
|
| Details | MITRE ATT&CK Techniques | 49 | T1110.003 |
|
| Details | MITRE ATT&CK Techniques | 9 | T1110.002 |
|
| Details | MITRE ATT&CK Techniques | 125 | T1555.003 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1056.001 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1056.002 |
|
| Details | MITRE ATT&CK Techniques | 10 | T1056.004 |
|
| Details | MITRE ATT&CK Techniques | 173 | T1003.001 |
|
| Details | MITRE ATT&CK Techniques | 43 | T1003.002 |
|
| Details | MITRE ATT&CK Techniques | 16 | T1003.004 |
|
| Details | MITRE ATT&CK Techniques | 14 | T1003.005 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1003.003 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1558.003 |
|
| Details | MITRE ATT&CK Techniques | 89 | T1552.001 |
|
| Details | MITRE ATT&CK Techniques | 23 | T1552.002 |
|
| Details | MITRE ATT&CK Techniques | 179 | T1087 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1021.001 |
|
| Details | MITRE ATT&CK Techniques | 139 | T1021.002 |
|
| Details | MITRE ATT&CK Techniques | 10 | T1021.003 |
|
| Details | MITRE ATT&CK Techniques | 30 | T1021.006 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1021.004 |
|
| Details | MITRE ATT&CK Techniques | 38 | T1550.002 |
|
| Details | MITRE ATT&CK Techniques | 12 | T1550.003 |
|
| Details | MITRE ATT&CK Techniques | 116 | T1560.001 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 74 | T1573.002 |
|
| Details | MITRE ATT&CK Techniques | 130 | T1573.001 |
|
| Details | MITRE ATT&CK Techniques | 99 | T1132.001 |
|
| Details | MITRE ATT&CK Techniques | 6 | T1001.002 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1090.002 |
|
| Details | MITRE ATT&CK Techniques | 48 | T1090.003 |
|
| Details | MITRE ATT&CK Techniques | 100 | T1567.002 |
|
| Details | Threat Actor Identifier - APT | 297 | APT27 |
|
| Details | Threat Actor Identifier - FIN | 127 | FIN11 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |
|
| Details | Url | 1 | http://45.153.242.129/q.dll |
|
| Details | Windows Registry Key | 104 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 11 | HKLM\SOFTWARE\Microsoft |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 9 | HKLM\System\CurrentControlSet\Control\Terminal |