MacProStorage-T3:4Work:Bitdefender-PR-Whitepaper-creat4279-en_EN:Bitdefender-PR-Whitepaper-creat4279-en_EN.indd
Image Description
Common Information
Type Value
UUID fb673c1a-8af0-4edd-9311-9b678909701d
Fingerprint 0083d2882a4e4ad0d662388125da8c136f069f898d4e919b66ace326fd56cfbb
Analysis status DONE
Considered CTI value 2
Text language
Published April 22, 2021, 6:44 p.m.
Added to db March 12, 2024, 6:30 p.m.
Last updated Aug. 31, 2024, 4:24 a.m.
Headline MacProStorage-T3:4Work:Bitdefender-PR-Whitepaper-creat4279-en_EN:Bitdefender-PR-Whitepaper-creat4279-en_EN.indd
Title MacProStorage-T3:4Work:Bitdefender-PR-Whitepaper-creat4279-en_EN:Bitdefender-PR-Whitepaper-creat4279-en_EN.indd
Detected Hints/Tags/Attributes 124/3/62
Attributes
Type                  #Events  Value
CVE                        16  cve-2019-0752
CVE                       106  cve-2018-8174
Domain                    128  www.bitdefender.com
Domain                      1  traffic.allindelivery.net
Domain                      2  myallexit.xyz
Domain                      2  clickadusweep.vip
Domain                      1  enter.testclicktds.xyz
Domain                      2  zeroexit.xyz
Domain                      1  zero.testtrack.xyz
Domain                    452  msrc.microsoft.com
Domain                   4127  github.com
Domain                    403  securelist.com
Domain                     15  www.vmray.com
File                        1  window.exe
File                     2125  cmd.exe
File                        6  3.tmp
File                     1208  powershell.exe
File                      376  wscript.exe
File                        1  y.opt
File                       10  regsrv32.exe
File                       80  msvcrt.dll
File                       82  kernelbase.dll
File                      533  ntdll.dll
File                      748  kernel32.dll
File                        1  eax+ldr_data_table_entry.dll
File                        1  eax+image_nt_headers.opt
File                        3  ionalheader.dat
File                       76  gdi32.dll
File                       15  optionalheader.dat
File                        6  c:\windows\system32\icacls.exe
File                      249  schtasks.exe
File                       60  c:\windows\system32\schtasks.exe
Github username             3  0x09al
Github username             2  piotrflorczyk
md5                         1  6afc5c3e1caa344989513b2773ae172a
md5                         1  5e341da684a504b7328243d5c9c0f09a
md5                         1  ff68100339c8075243ccf391c179173b
md5                         1  3c4e86b0d42094f25d4c34ca882e5c09
md5                         2  6ee2138d5467da398e02afe2baea9fbe
IPv4                        1  45.138.24.35
IPv4                        1  45.138.26.235
IPv4                        1  188.227.57.214
IPv4                        1  157.7.166.26
IPv4                        1  162.144.127.197
IPv4                        1  46.22.57.17
IPv4                        1  188.127.249.141
IPv4                        2  188.225.75.54
IPv4                        1  185.230.140.204
IPv4                        1  188.227.106.122
Url                         1  http://45.138.26.235/?mzi3mze1
Url                         1  http://188.227.57.214/?mtywnjg0&miigat&oa1n4=x3rqdfwy[
Url                         1  https://157.7.166.26:5353
Url                         1  https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2019-0752
Url                         1  https://www.zerodayinitiative.com/blog/2019/5/21/rce-without-native-code-exploitation-of-a-write-what-where-in-
Url                         1  https://github.com/0x09al/cve-2018-8174-msf#cve
Url                         1  https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2018-8174
Url                         3  https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486
Url                         2  https://github.com/piotrflorczyk/cve-2018-8174_analysis
Url                         2  https://www.vmray.com/cyber-security-blog/wastedlocker-ransomware-threat-bulletin
Url                         1  https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-
Windows Registry Key        4  HKEY_CLASSES_ROOT\interface
Windows Registry Key       49  HKLM\Software\Microsoft\Windows
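The attribute listing above mixes attacker infrastructure with domains the whitepaper merely cites (vendor advisories, GitHub, research blogs), living-off-the-land Windows binaries, and disassembly operands that the extractor mistook for file names. The script below is an added example, not Bitdefender's code or the CTI database's own tooling: it parses the flattened "Details <Type> <#Events>" / value layout the page uses, validates hashes and addresses, and sorts each entry into a hunting bucket, defanging anything that points at live infrastructure. The sample rows are copied from the listing above; the reference-domain and LOLBin sets are editorial assumptions, not data from the page.

```python
"""Triage the flattened CTI attribute listing (added example, not the page's tooling)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: rows copied from the listing above, in the page's
# flattened "Details <Type> <#Events>" / "<value>" layout (header row included).
SAMPLE = """\
Details Type #Events CTI Value
Details CVE 16
cve-2019-0752
Details Domain 452
msrc.microsoft.com
Details Domain 1
traffic.allindelivery.net
Details File 1
eax+ldr_data_table_entry.dll
Details File 1208
powershell.exe
Details md5 1
6afc5c3e1caa344989513b2773ae172a
Details IPv4 1
45.138.26.235
Details Url 1
http://45.138.26.235/?mzi3mze1
Details Url 1
https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486
Details Windows Registry Key 49
HKLM\\Software\\Microsoft\\Windows
"""

# A row header is "Details <Type> <#Events>"; the type may contain spaces.
ROW_HEADER = re.compile(r"^Details (?P<type>.+?) (?P<count>\d+)$")

# Assumptions (editorial, not from the page): sites the whitepaper cites as
# references rather than attacker infrastructure, and Windows binaries that are
# living-off-the-land tools rather than indicators in their own right.
REFERENCE_DOMAINS = {
    "www.bitdefender.com", "msrc.microsoft.com", "github.com", "securelist.com",
    "www.vmray.com", "www.zerodayinitiative.com", "research.nccgroup.com",
}
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "regsvr32.exe",
           "regsrv32.exe", "schtasks.exe", "icacls.exe"}


@dataclass
class Attribute:
    kind: str
    events: int
    value: str
    verdict: str = ""


def parse_listing(text: str) -> list[Attribute]:
    """Pair each 'Details <Type> <#Events>' header with the value on the next line."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    out, i = [], 0
    while i < len(lines):
        m = ROW_HEADER.match(lines[i])
        if m and i + 1 < len(lines) and not ROW_HEADER.match(lines[i + 1]):
            out.append(Attribute(m["type"], int(m["count"]), lines[i + 1]))
            i += 2
        else:
            i += 1  # column header or stray line: skip it
    return out


def classify(attr: Attribute) -> str:
    """Sort one attribute into a hunting bucket and return the verdict."""
    v, kind = attr.value.lower(), attr.kind.lower()
    if kind == "cve":
        return "reference"
    if kind == "md5":
        return "file-hash" if re.fullmatch(r"[0-9a-f]{32}", v) else "malformed"
    if kind == "ipv4":
        try:
            ip = ipaddress.ip_address(v)
        except ValueError:
            return "malformed"
        return "network-ioc" if ip.is_global else "noise"  # drop RFC1918/reserved
    if kind == "domain":
        return "reference" if v in REFERENCE_DOMAINS else "network-ioc"
    if kind == "url":
        host = urlsplit(v).hostname or ""
        return "reference" if host in REFERENCE_DOMAINS else "network-ioc"
    if kind == "file":
        if "+" in v:  # e.g. eax+ldr_data_table_entry.dll is a disassembly operand
            return "noise"
        base = v.rsplit("\\", 1)[-1]
        return "noise" if base in LOLBINS else "host-artifact"
    if kind == "windows registry key":
        return "host-artifact"
    return "unclassified"


def defang(indicator: str) -> str:
    """Render a network indicator so it is not clickable or auto-resolved."""
    return re.sub(r"^http", "hxxp", indicator).replace(".", "[.]")


def triage(text: str) -> dict[str, list[str]]:
    """Group attribute values by verdict, defanging the network IOCs."""
    buckets: dict[str, list[str]] = {}
    for attr in parse_listing(text):
        attr.verdict = classify(attr)
        shown = defang(attr.value) if attr.verdict == "network-ioc" else attr.value
        buckets.setdefault(attr.verdict, []).append(shown)
    return buckets


if __name__ == "__main__":
    for verdict, values in triage(SAMPLE).items():
        print(f"{verdict}: {values}")
```

Run on the full listing, the "network-ioc" bucket is what belongs in a blocklist or hunt query; the "reference" bucket is citation residue that would only generate false positives, and the "noise" bucket (system binaries, disassembly fragments) needs process-tree or command-line context before it means anything.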