Analysis on legit tools abused in human operated ransomware
Common Information
| Type | Value |
|---|---|
| UUID | fe9011b4-2dcb-42d3-a57c-664bc36ceef2 |
| Fingerprint | 4ff3f49cbdc2c5ec6496ac6f8ddac1274fa3ad55748e5ffa2ef5c2c96fc2217d |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 15, 2023, 3:11 p.m. |
| Added to db | March 12, 2024, 7:58 p.m. |
| Last updated | Aug. 31, 2024, 1:55 a.m. |
| Headline | Analysis on legit tools abused in human operated ransomware |
| Title | Analysis on legit tools abused in human operated ransomware |
| Detected Hints/Tags/Attributes | 128/2/75 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | net.anydesk.com |
|
| Details | Domain | 4 | ps.pndsn.com |
|
| Details | Domain | 2 | atera.com |
|
| Details | Domain | 2 | relay.screenconnect.com |
|
| Details | Domain | 4 | screenconnect.com |
|
| Details | Domain | 4 | logmein.com |
|
| Details | Domain | 16 | ngrok.com |
|
| Details | Domain | 3 | remoteutilities.com |
|
| Details | Domain | 1 | splashtop.com |
|
| Details | Domain | 2 | nanosystems.it |
|
| Details | Domain | 6 | teamviewer.com |
|
| Details | Domain | 21 | data.zip |
|
| Details | Domain | 1 | goodsync.com |
|
| Details | Domain | 10 | mega.co.nz |
|
| Details | File | 3 | 1.ini |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 2 | megatools.exe |
|
| Details | File | 35 | 2.txt |
|
| Details | File | 39 | anydesk.exe |
|
| Details | File | 3 | connection_trace.txt |
|
| Details | File | 1 | aterasetuplog.txt |
|
| Details | File | 7 | ateraagent.exe |
|
| Details | File | 85 | log.txt |
|
| Details | File | 6 | clientservice.exe |
|
| Details | File | 5 | windowsclient.exe |
|
| Details | File | 1 | logmein.log |
|
| Details | File | 1 | lmiyyyymmdd.log |
|
| Details | File | 14 | lmiguardiansvc.exe |
|
| Details | File | 1 | lmiinfo.sys |
|
| Details | File | 2 | ramaint.exe |
|
| Details | File | 1 | lmirfsdriver.sys |
|
| Details | File | 2 | logmein.exe |
|
| Details | File | 2 | logmeinsystray.exe |
|
| Details | File | 21 | ngrok.exe |
|
| Details | File | 1 | rut_log_yyyy-mm.html |
|
| Details | File | 8 | rutserv.exe |
|
| Details | File | 2 | streamer.exe |
|
| Details | File | 3 | srservice.exe |
|
| Details | File | 2 | ssuservice.exe |
|
| Details | File | 1 | splog.txt |
|
| Details | File | 1 | ftclog.txt |
|
| Details | File | 1 | supremoservice.exe |
|
| Details | File | 4 | service.log |
|
| Details | File | 2 | supremo.exe |
|
| Details | File | 13 | client.log |
|
| Details | File | 1 | 00.inc |
|
| Details | File | 1 | oming.log |
|
| Details | File | 1 | reportsqueue.log |
|
| Details | File | 1 | filetransfer.log |
|
| Details | File | 2 | teamviewer_setup.exe |
|
| Details | File | 1 | tv15install.log |
|
| Details | File | 1 | tvinfo.ini |
|
| Details | File | 18 | teamviewer_service.exe |
|
| Details | File | 25 | teamviewer.exe |
|
| Details | File | 2 | teamviewer15_logfile.log |
|
| Details | File | 7 | teamviewer_desktop.exe |
|
| Details | File | 5 | connections_incoming.txt |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 18 | data.zip |
|
| Details | File | 8 | tvnserver.exe |
|
| Details | File | 7 | tvnviewer.exe |
|
| Details | File | 10 | filezilla.exe |
|
| Details | File | 14 | uninstall.exe |
|
| Details | File | 10 | filezilla.xml |
|
| Details | File | 34 | recentservers.xml |
|
| Details | File | 1 | freefilesync.exe |
|
| Details | File | 1 | globalsettings.xml |
|
| Details | File | 1 | installlicense-yymmdd-hhmm.log |
|
| Details | File | 1 | gs-server.exe |
|
| Details | File | 1 | megatool.exe |
|
| Details | File | 1 | mega.ini |
|
| Details | File | 37 | rclone.exe |
|
| Details | File | 16 | winscp.exe |
|
| Details | File | 4 | mm.html |
|
| Details | File | 1 | tvnetwork.log |