Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
country: Canada
attack-pattern: Archive Collected Data - T1560; Archive Collected Data - T1532; Archive Via Utility - T1560.001; Artificial Intelligence - T1588.007; Command And Scripting Interpreter - T1623; Credentials - T1589.001; Credentials From Password Stores - T1555; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Domain Accounts - T1078.002; Domain Trust Discovery - T1482; Domains - T1583.001; Domains - T1584.001; Exfiltration Over Alternative Protocol - T1639; Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003; Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001; Exfiltration Over Web Service - T1567; Exfiltration To Cloud Storage - T1567.002; Firmware - T1592.003; Inhibit System Recovery - T1490; Ip Addresses - T1590.005; Lateral Tool Transfer - T1570; Malware - T1587.001; Malware - T1588.001; Multi-Factor Authentication - T1556.006; Network Devices - T1584.008; Powershell - T1059.001; Remote Access Software - T1663; Remote Desktop Protocol - T1021.001; Smb/Windows Admin Shares - T1021.002; Ssh - T1021.004; Windows Command Shell - T1059.003; Virtual Private Server - T1583.003; Virtual Private Server - T1584.003; Tool - T1588.002; Vulnerabilities - T1588.006; Command-Line Interface - T1059; Credential Dumping - T1003; Exfiltration Over Alternative Protocol - T1048; External Remote Services - T1133; Network Service Scanning - T1046; Powershell - T1086; Remote Access Tools - T1219; Remote Desktop Protocol - T1076; Remote Services - T1021; Valid Accounts - T1078; External Remote Services; Valid Accounts
Common Information
Type Value
UUID 097f58dd-6b44-4132-a458-4eb413f56a8e
Fingerprint 37f3e0888f89a60a
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 24, 2024, 12:53 p.m.
Added to db Oct. 24, 2024, 5:52 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN
Title Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf
Detected Hints/Tags/Attributes 144/3/79
RSS Feed
Id Enabled Feed title Url Added to db
16 Arctic Wolf https://arcticwolf.com/feed/ 2024-08-30 22:08
Attributes
Type: Value (#Events)
CVE: cve-2024-40766 (84 events)
Domain: secretsdump.py (88 events), system.security (149 events)
File: veeam-get-creds.ps1 (8), secretsdump.py (85), vssadmin.exe (345), 7z2407-x64.exe (1), aipscanner.exe (1), netscan_n.exe (1), adfind.exe (53), sys.exe (31), readme.txt (367), mimikatz.exe (76), 1.bat (61), akira_readme.txt (26), cryptography.dat (7)
MITRE ATT&CK Techniques: T1133 (191), T1078 (306), T1078.002 (71), T1046 (168), T1482 (124), T1021 (159), T1021.001 (160), T1021.002 (139), T1570 (118), T1555 (172), T1003 (289), T1059 (695), T1059.003 (333), T1219 (141), T1560 (157), T1560.001 (116), T1567 (126), T1567.002 (100), T1048 (92), T1048.003 (22), T1486 (472), T1490 (276)