From OneNote to RansomNote: An Ice Cold Intrusion
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 0f32cbd9-031c-4598-954e-d7c35de9bbc5 |
| Fingerprint | 9620a5dda18a8410 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 1, 2024, 12:04 a.m. |
| Added to db | Aug. 31, 2024, 8:26 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | From OneNote to RansomNote: An Ice Cold Intrusion |
| Title | From OneNote to RansomNote: An Ice Cold Intrusion |
| Detected Hints/Tags/Attributes | 210/3/124 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 249 | ✔ | The DFIR Report | https://thedfirreport.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | mrassociattes.com |
|
| Details | Domain | 73 | schemas.microsoft.com |
|
| Details | Domain | 1 | aerilaponawki.com |
|
| Details | Domain | 1 | klindriverfor.com |
|
| Details | Domain | 2 | alishaskainz.com |
|
| Details | Domain | 2 | halicopnow.com |
|
| Details | Domain | 2 | msc-mvc-updates.com |
|
| Details | Domain | 2 | microsoftinternetsafety.net |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 5 | download.anydesk.com |
|
| Details | Domain | 1 | nokoleakb76znymx443veg4n6fytx6spck6pc7nkr4dvfuygpub6jsid.onion |
|
| Details | Domain | 2 | hl66646wtlp2naoqnhattngigjp5palgqmbwixepcjyq5i534acgqyad.onion |
|
| Details | Domain | 2 | snatchteam.top |
|
| Details | Domain | 1 | 909.one |
|
| Details | Domain | 10 | detection.fyi |
|
| Details | Domain | 9 | sigmasearchengine.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | File | 1 | 62.gif |
|
| Details | File | 1 | c:\programdata\coim.jpg |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 1 | funa2.exe |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 1 | cadiak.dll |
|
| Details | File | 34 | license.dat |
|
| Details | File | 6 | c:\programdata\anydesk.exe |
|
| Details | File | 1 | coim.jpg |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 127 | c:\windows\system32\rundll32.exe |
|
| Details | File | 29 | c:\windows\system32\lsass.exe |
|
| Details | File | 36 | c:\windows\system32\ntdll.dll |
|
| Details | File | 20 | c:\windows\system32\kernelbase.dll |
|
| Details | File | 2 | ad.bat |
|
| Details | File | 53 | adfind.exe |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 3 | htable.xsl |
|
| Details | File | 6 | ns.bat |
|
| Details | File | 1 | nsser.bat |
|
| Details | File | 26 | install.ps1 |
|
| Details | File | 1 | agaloz.dll |
|
| Details | File | 1 | c:\programdata\install.ps1 |
|
| Details | File | 39 | anydesk.exe |
|
| Details | File | 1 | c:\programdata\any --start-with-win --silent cmd.exe |
|
| Details | File | 1 | c:\programdata\any\anydesk.exe |
|
| Details | File | 54 | mmc.exe |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 1 | nokonoko-readme.txt |
|
| Details | File | 1 | get_id.bat |
|
| Details | File | 49 | nltest.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | Github username | 19 | the-dfir-report |
|
| Details | md5 | 1 | 5f4d630ef00656726401b205ae4dc88f |
|
| Details | md5 | 1 | d1da347e78bf043e2dc61638e946c3da |
|
| Details | md5 | 1 | a59a7916156c52f732b4c2e321facfe1 |
|
| Details | md5 | 1 | b1f5e4774aa79f643350218df61e33f6 |
|
| Details | md5 | 1 | 76a1f94ed6499b99d2cc500998846875 |
|
| Details | md5 | 1 | f927cd4f40c7a6dad769a8f9af771a8c |
|
| Details | md5 | 5 | 8800e6f1501f69a0a04ce709e9fa251c |
|
| Details | sha1 | 1 | aa8f2d6d98aa535e05685076ca02f781c2aa6464 |
|
| Details | sha1 | 1 | d87a3c22771b1106a1a52d96df7b2944d93fa184 |
|
| Details | sha1 | 1 | 8c949a7769d16c285347f650ef2eedac01dc1805 |
|
| Details | sha1 | 1 | f1e7994c6568f0182a60f64557c7793df5e550ed |
|
| Details | sha1 | 1 | ca14d61bcf038cda45199f54c7c452ad262a7c88 |
|
| Details | sha1 | 1 | 0fdfef7c9cc4305df81b006e898e1592aa822437 |
|
| Details | sha1 | 1 | 72a1c9ea93d18309769d8be5cdb3daedf1cddcf5 |
|
| Details | sha256 | 1 | 9c337d27dab65fc3f4b88666338e13416f218ab75c4b5e37cc396241c225efe8 |
|
| Details | sha256 | 1 | 1ab812f7d829444dc703eeb02ea0a955ec839d5e2a9b619d44ac09a91135cad1 |
|
| Details | sha256 | 1 | eae2bce6341ff7059b9382bfa0e0daa337ea9948dd729c0c1e1ee9c11c1c0068 |
|
| Details | sha256 | 1 | b378c2aa759625de2ad1be2c4045381d7474b82df7eb47842dc194bb9a134f76 |
|
| Details | sha256 | 1 | d6127d614309acbf2a630fe3fb0fda8e4079dcf2045f91aa400d179751d425f7 |
|
| Details | sha256 | 1 | 06bbb36baf63bc5cb14d7f097745955a4854a62fa3acef4d80c61b4fa002c542 |
|
| Details | sha256 | 1 | 3c9f4145e310f616bd5e36ca177a3f370edc13cf2d54bb87fe99972ecf3f09b4 |
|
| Details | IPv4 | 2 | 91.215.85.183 |
|
| Details | IPv4 | 1 | 193.149.129.131 |
|
| Details | IPv4 | 1 | 5.255.102.167 |
|
| Details | IPv4 | 1 | 45.61.139.206 |
|
| Details | IPv4 | 1 | 5.255.105.55 |
|
| Details | IPv4 | 3 | 162.33.178.40 |
|
| Details | IPv4 | 1 | 20.69.178.82 |
|
| Details | IPv4 | 1 | 152.89.196.49 |
|
| Details | IPv4 | 1 | 185.29.9.162 |
|
| Details | IPv4 | 1 | 45.155.204.5 |
|
| Details | IPv4 | 1 | 3.63.2.1 |
|
| Details | IPv4 | 1 | 174.138.188.6 |
|
| Details | MITRE ATT&CK Techniques | 21 | T1036.008 |
|
| Details | MITRE ATT&CK Techniques | 89 | T1552.001 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1039 |
|
| Details | MITRE ATT&CK Techniques | 74 | T1069.002 |
|
| Details | MITRE ATT&CK Techniques | 124 | T1482 |
|
| Details | MITRE ATT&CK Techniques | 92 | T1048 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 173 | T1003.001 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 348 | T1036 |
|
| Details | MITRE ATT&CK Techniques | 168 | T1046 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1218.010 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1219 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1021.001 |
|
| Details | MITRE ATT&CK Techniques | 243 | T1018 |
|
| Details | MITRE ATT&CK Techniques | 119 | T1218.011 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1518.001 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 230 | T1033 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 333 | T1059.003 |
|
| Details | MITRE ATT&CK Techniques | 180 | T1543.003 |
|
| Details | Url | 1 | http://mrassociattes.com/images/62.gif |
|
| Details | Url | 19 | http://schemas.microsoft.com/windows/2004/02/mit/task |
|
| Details | Url | 3 | http://download.anydesk.com/anydesk.exe |
|
| Details | Url | 1 | http://nokoleakb76znymx443veg4n6fytx6spck6pc7nkr4dvfuygpub6jsid.onion |
|
| Details | Url | 1 | http://hl66646wtlp2naoqnhattngigjp5palgqmbwixepcjyq5i534acgqyad.onion |
|
| Details | Url | 1 | http://snatchteam.top |
|
| Details | Url | 1 | https://github.com/the-dfir-report/yara-rules/blob/main/19772/19772.yar |
|
| Details | Windows Registry Key | 26 | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |