Threat Trend Report on Ransomware
Common Information
| Type | Value |
|---|---|
| UUID | 6fe10971-b1a2-4e6a-90c0-f0940d8c711d |
| Fingerprint | ad3f6bc7f969ca16b41843d20207d522ca0410d5ce6522716d4b3fefc84f68f7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 16, 2023, 1:31 p.m. |
| Added to db | Sept. 22, 2024, 3:31 p.m. |
| Last updated | Sept. 22, 2024, 3:34 p.m. |
| Headline | Threat Trend Report on Ransomware |
| Title | Threat Trend Report on Ransomware |
| Detected Hints/Tags/Attributes | 138/3/175 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 243 | cve-2023-34362 |
|
| Details | CVE | 57 | cve-2023-35036 |
|
| Details | CVE | 53 | cve-2023-35708 |
|
| Details | CVE | 66 | cve-2021-21974 |
|
| Details | Domain | 3 | error.software |
|
| Details | Domain | 6 | ms.update.center.security |
|
| Details | Domain | 44 | atip.ahnlab.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 78 | socradar.io |
|
| Details | Domain | 38 | community.progress.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 66 | www.malwarebytes.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 1 | www.channelfutures.com |
|
| Details | Domain | 8 | www.zynamics.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 9 | www.boannews.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 20 | www.nomoreransom.org |
|
| Details | Domain | 3 | seed.kisa.or.kr |
|
| Details | Domain | 36 | decoded.avast.io |
|
| Details | Domain | 5 | hiperfdhaus.com |
|
| Details | Domain | 5 | jirostrogud.com |
|
| Details | Domain | 7 | qweastradoc.com |
|
| Details | Domain | 3 | connectzoomdownload.com |
|
| Details | Domain | 3 | zoom.voyage |
|
| Details | Domain | 5 | guerdofest.com |
|
| Details | Domain | 54 | www.ahnlab.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | File | 5 | software.log |
|
| Details | File | 49 | error.log |
|
| Details | File | 4 | assistant.exe |
|
| Details | File | 2 | investigating-blacksuit-ransomwares-similarities-to-royal.html |
|
| Details | File | 7 | bindiff.html |
|
| Details | File | 10 | blacksuit.txt |
|
| Details | File | 1 | ocd_worldwatch_ransomware-ecosystem-map.pdf |
|
| Details | File | 26 | akira_readme.txt |
|
| Details | File | 2 | an-overview-of-the-trigona-ransomware.html |
|
| Details | File | 36 | human2.aspx |
|
| Details | File | 101 | gate.php |
|
| Details | File | 8 | zoominstaller.exe |
|
| Details | File | 13 | zoom.exe |
|
| Details | sha256 | 6 | e8012a15b6f6b404a33f293205b602ece486d01337b8b3ec331cd99ccadb562e |
|
| Details | sha256 | 6 | 9e89d9f045664996067a05610ea2b0ad4f7f502f73d84321fb07861348fdc24a |
|
| Details | sha256 | 6 | 702421bcee1785d93271d311f0203da34cc936317e299575b06503945a6ea1e0 |
|
| Details | sha256 | 6 | 0ea05169d111415903a1098110c34cdbbd390c23016cd4e179dd9ef507104495 |
|
| Details | sha256 | 6 | d49cf23d83b2743c573ba383bf6f3c28da41ac5f745cde41ef8cd1344528c195 |
|
| Details | sha256 | 5 | a1269294254e958e0e58fc0fe887ebbc4201d5c266557f09c3f37542bd6d53d7 |
|
| Details | sha256 | 7 | 90ae0c693f6ffd6dc5bb2d5a5ef078629c3d77f874b2d2ebd9e109d8ca049f2c |
|
| Details | sha256 | 7 | 1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e |
|
| Details | sha256 | 4 | 6ac8e7384767d1cb6792e62e09efc31a07398ca2043652ab11c090e6a585b310 |
|
| Details | sha256 | 5 | 4d7f6c6a051ecb1f8410243cd6941b339570165ebcfd3cc7db48d2a924874e99 |
|
| Details | sha256 | 9 | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c |
|
| Details | sha256 | 4 | 1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296 |
|
| Details | sha256 | 6 | 0b3220b11698b1436d1d866ac07cc90018e59884e91a8cb71ef8924309f1e0e9 |
|
| Details | sha256 | 6 | 110e301d3b5019177728010202c8096824829c0b11bb0dc0bff55547ead18286 |
|
| Details | sha256 | 6 | 1826268249e1ea58275328102a5a8d158d36b4fd312009e4a2526f0bfbc30de2 |
|
| Details | sha256 | 7 | 2413b5d0750c23b07999ec33a5b4930be224b661aaf290a0118db803f31acbc5 |
|
| Details | sha256 | 6 | 2ccf7e42afd3f6bf845865c74b2e01e2046e541bb633d037b05bd1cdb296fa59 |
|
| Details | sha256 | 6 | 348e435196dd795e1ec31169bd111c7ec964e5a6ab525a562b17f10de0ab031d |
|
| Details | sha256 | 6 | 387cee566aedbafa8c114ed1c6b98d8b9b65e9f178cf2f6ae2f5ac441082747a |
|
| Details | sha256 | 4 | 38e69f4a6d2e81f28ed2dc6df0daf31e73ea365bd2cfc90ebc31441404cca264 |
|
| Details | sha256 | 6 | 3a977446ed70b02864ef8cfa3135d8b134c93ef868a4cc0aa5d3c2a74545725b |
|
| Details | sha256 | 6 | 3ab73ea9aebf271e5f3ed701286701d0be688bf7ad4fb276cb4fbe35c8af8409 |
|
| Details | sha256 | 4 | 3c0dbda8a5500367c22ca224919bfc87d725d890756222c8066933286f26494c |
|
| Details | sha256 | 6 | 4359aead416b1b2df8ad9e53c497806403a2253b7e13c03317fc08ad3b0b95bf |
|
| Details | sha256 | 5 | 48367d94ccb4411f15d7ef9c455c92125f3ad812f2363c4d2e949ce1b615429a |
|
| Details | sha256 | 4 | 58ccfb603cdc4d305fddd52b84ad3f58ff554f1af4d7ef164007cb8438976166 |
|
| Details | sha256 | 6 | 5b566de1aa4b2f79f579cdac6283b33e98fdc8c1cfa6211a787f8156848d67ff |
|
| Details | sha256 | 7 | 6015fed13c5510bbb89b0a5302c8b95a5b811982ff6de9930725c4630ec4011d |
|
| Details | sha256 | 3 | 769f77aace5eed4717c7d3142989b53bd5bac9297a6e11b2c588c3989b397e6b |
|
| Details | sha256 | 4 | 7c39499dd3b0b283b242f7b7996205a9b3cf8bd5c943ef6766992204d46ec5f1 |
|
| Details | sha256 | 4 | 93137272f3654d56b9ce63bec2e40dd816c82fb6bad9985bed477f17999a47db |
|
| Details | sha256 | 5 | 98a30c7251cf622bd4abce92ab527c3f233b817a57519c2dd2bf8e3d3ccb7db8 |
|
| Details | sha256 | 6 | 9d1723777de67bc7e11678db800d2a32de3bcd6c40a629cd165e3f7bbace8ead |
|
| Details | sha256 | 5 | a8f6c1ccba662a908ef7b0cb3cc59c2d1c9e2cbbe1866937da81c4c616e68986 |
|
| Details | sha256 | 6 | b1c299a9fe6076f370178de7b808f36135df16c4e438ef6453a39565ff2ec272 |
|
| Details | sha256 | 5 | b5ef11d04604c9145e4fe1bedaeb52f2c2345703d52115a5bf11ea56d7fb6b03 |
|
| Details | sha256 | 5 | b9a0baf82feb08e42fa6ca53e9ec379e79fbe8362a7dac6150eb39c2d33d94ad |
|
| Details | sha256 | 4 | bdd4fa8e97e5e6eaaac8d6178f1cf4c324b9c59fc276fd6b368e811b327ccf8b |
|
| Details | sha256 | 5 | c56bcb513248885673645ff1df44d3661a75cfacdce485535da898aa9ba320d4 |
|
| Details | sha256 | 5 | c77438e8657518221613fbce451c664a75f05beea2184a3ae67f30ea71d34f37 |
|
| Details | sha256 | 5 | cec425b3383890b63f5022054c396f6d510fae436041add935cd6ce42033f621 |
|
| Details | sha256 | 6 | cf23ea0d63b4c4c348865cefd70c35727ea8c82ba86d56635e488d816e60ea45 |
|
| Details | sha256 | 5 | d477ec94e522b8d741f46b2c00291da05c72d21c359244ccb1c211c12b635899 |
|
| Details | sha256 | 5 | daaa102d82550f97642887514093c98ccd51735e025995c2cc14718330a856f4 |
|
| Details | sha256 | 5 | ea433739fb708f5d25c937925e499c8d2228bf245653ee89a6f3d26a5fd00b7a |
|
| Details | sha256 | 5 | ed0c3e75b7ac2587a5892ca951707b4e0dd9c8b18aaf8590c24720d73aa6b90c |
|
| Details | sha256 | 5 | f0d85b65b9f6942c75271209138ab24a73da29a06bc6cc4faeddcb825058c09d |
|
| Details | sha256 | 4 | fe5f8388ccea7c548d587d1e2843921c038a9f4ddad3cb03f3aa8a45c29c6a2f |
|
| Details | IPv4 | 3 | 104.194.222.107 |
|
| Details | IPv4 | 4 | 146.0.77.141 |
|
| Details | IPv4 | 4 | 146.0.77.155 |
|
| Details | IPv4 | 4 | 146.0.77.183 |
|
| Details | IPv4 | 15 | 148.113.152.144 |
|
| Details | IPv4 | 4 | 162.244.34.26 |
|
| Details | IPv4 | 4 | 162.244.35.6 |
|
| Details | IPv4 | 4 | 179.60.150.143 |
|
| Details | IPv4 | 4 | 185.104.194.156 |
|
| Details | IPv4 | 4 | 185.104.194.24 |
|
| Details | IPv4 | 4 | 185.104.194.40 |
|
| Details | IPv4 | 4 | 185.117.88.17 |
|
| Details | IPv4 | 4 | 185.162.128.75 |
|
| Details | IPv4 | 4 | 185.174.100.215 |
|
| Details | IPv4 | 4 | 185.174.100.250 |
|
| Details | IPv4 | 4 | 185.181.229.240 |
|
| Details | IPv4 | 4 | 185.181.229.73 |
|
| Details | IPv4 | 4 | 185.183.32.122 |
|
| Details | IPv4 | 4 | 185.185.50.172 |
|
| Details | IPv4 | 4 | 188.241.58.244 |
|
| Details | IPv4 | 4 | 193.169.245.79 |
|
| Details | IPv4 | 4 | 194.33.40.103 |
|
| Details | IPv4 | 4 | 194.33.40.104 |
|
| Details | IPv4 | 3 | 194.33.40.1 |
|
| Details | IPv4 | 4 | 198.12.76.214 |
|
| Details | IPv4 | 7 | 198.27.75.110 |
|
| Details | IPv4 | 4 | 206.221.182.106 |
|
| Details | IPv4 | 4 | 209.127.116.122 |
|
| Details | IPv4 | 4 | 209.127.4.22 |
|
| Details | IPv4 | 7 | 209.222.103.170 |
|
| Details | IPv4 | 4 | 45.227.253.133 |
|
| Details | IPv4 | 4 | 45.227.253.147 |
|
| Details | IPv4 | 4 | 45.227.253.50 |
|
| Details | IPv4 | 4 | 45.227.253.6 |
|
| Details | IPv4 | 4 | 45.227.253.82 |
|
| Details | IPv4 | 4 | 45.56.165.248 |
|
| Details | IPv4 | 4 | 5.149.248.68 |
|
| Details | IPv4 | 4 | 5.149.250.74 |
|
| Details | IPv4 | 4 | 5.149.250.92 |
|
| Details | IPv4 | 4 | 5.188.86.114 |
|
| Details | IPv4 | 4 | 5.188.86.250 |
|
| Details | IPv4 | 4 | 5.188.87.194 |
|
| Details | IPv4 | 4 | 5.188.87.226 |
|
| Details | IPv4 | 4 | 5.188.87.27 |
|
| Details | IPv4 | 4 | 5.252.23.116 |
|
| Details | IPv4 | 4 | 5.252.25.88 |
|
| Details | IPv4 | 4 | 5.34.180.205 |
|
| Details | IPv4 | 4 | 62.112.11.57 |
|
| Details | IPv4 | 4 | 62.182.82.19 |
|
| Details | IPv4 | 4 | 62.182.85.234 |
|
| Details | IPv4 | 4 | 66.85.26.215 |
|
| Details | IPv4 | 4 | 66.85.26.234 |
|
| Details | IPv4 | 4 | 66.85.26.248 |
|
| Details | IPv4 | 4 | 79.141.160.78 |
|
| Details | IPv4 | 4 | 79.141.160.83 |
|
| Details | IPv4 | 7 | 84.234.96.104 |
|
| Details | IPv4 | 4 | 84.234.96.31 |
|
| Details | IPv4 | 4 | 89.39.104.118 |
|
| Details | IPv4 | 15 | 89.39.105.108 |
|
| Details | IPv4 | 4 | 91.202.4.76 |
|
| Details | IPv4 | 4 | 91.222.174.95 |
|
| Details | IPv4 | 4 | 91.229.76.187 |
|
| Details | IPv4 | 4 | 93.190.142.131 |
|
| Details | Url | 8 | https://community.progress.com/s/article/moveit-transfer-critical-vulnerability-31may2023 |
|
| Details | Url | 3 | https://twitter.com/msftsecintel/status/1665537730946670595 |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-moveit-extortion- |
|
| Details | Url | 1 | https://www.malwarebytes.com/blog/news/2023/06/cl0p-ransomware-gang-claims-first-victims-of-the-moveit-vulnerability |
|
| Details | Url | 4 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a |
|
| Details | Url | 1 | https://atip.ahnlab.com/ti/contents/regular-report/monthly?i=ebf8ca26 |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-adds-blacksuit-encryptor-to-their- |
|
| Details | Url | 5 | https://www.zynamics.com/bindiff.html |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi- |
|
| Details | Url | 2 | https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html |
|
| Details | Url | 1 | https://decoded.avast.io/threatresearch/decrypted-akira-ransomware |
|
| Details | Url | 3 | http://hiperfdhaus.com |
|
| Details | Url | 3 | http://jirostrogud.com |
|
| Details | Url | 3 | http://qweastradoc.com |
|
| Details | Url | 6 | http://qweastradoc.com/gate.php |
|
| Details | Url | 3 | http://connectzoomdownload.com/download/zoominstaller.exe |
|
| Details | Url | 3 | https://connectzoomdownload.com/download/zoominstaller.exe |
|
| Details | Url | 3 | http://zoom.voyage/download/zoom.exe |
|
| Details | Url | 3 | http://guerdofest.com/gate.php |
|
| Details | Url | 34 | https://www.ahnlab.com |
|
| Details | Url | 34 | https://asec.ahnlab.com/en |