ioc[.]one - OSINT Cyber Threat Intelligence Database

Vulnerability ransomware attacks

Show in Graph

Common Information

Type	Value
UUID	e26e51b4-dc53-442a-bf81-54e660f66f44
Fingerprint	06f2c1a21475b5352200d4588f2b0f0aabdfef1b0e1929a087fce0de01754e72
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 14, 2021, 12:38 p.m.
Added to db	March 10, 2024, 1:38 a.m.
Last updated	Aug. 31, 2024, 4:02 a.m.
Headline	Vulnerability ransomware attacks
Title	Vulnerability ransomware attacks
Detected Hints/Tags/Attributes	71/2/21

Source URLs

	Redirection	Url
Details	Source	https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Vulnerability-in-Fortigate-VPN-servers-is-exploited-in-Cring-ransomware-attacks-En.pdf

URL Provider

Details	Provider	Source level domain
Details	kaspersky.com	ics-cert.kaspersky.com

Attributes

Details	Type	#Events	Value
Details	CVE	150	cve-2018-13379
Details	Domain	397	asp.net
Details	Domain	338	kaspersky.com
Details	Email	68	ics-cert@kaspersky.com
Details	File	6	%temp%\execute.bat
Details	File	3	c:\windows\temp\execute.bat
Details	File	7	execute.bat
Details	File	29	ip.txt
Details	File	1	nonet.txt
Details	File	102	mspub.exe
Details	File	57	mydesktopqos.exe
Details	File	60	mydesktopservice.exe
Details	File	17	kill.bat
Details	md5	1	c5d712f82d5d37bb284acd4468ab3533
Details	md5	1	317098d8e21fa4e52c1162fb24ba10ae
Details	md5	1	44d5c28b36807c69104969f5fed6f63f
Details	IPv4	1	198.12.112.204
Details	IPv4	1	45.67.231.128
Details	IPv4	1	129.227.156.216
Details	IPv4	1	129.227.156.214
Details	Url	1	http://45.67.231.128/ip.txt