ioc[.]one - OSINT Cyber Threat Intelligence Database

Ransomware Spotlight: REvil - Security News

Tags

cmtmf-attack-pattern:	Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Exploit Public-Facing Application Obfuscated Files Or Information Supply Chain Compromise
country:	Germany Mexico Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Data From Local System - T1533 Defacement - T1491 Domains - T1583.001 Domains - T1584.001 Drive-By Compromise - T1456 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Web Service - T1567 Exploitation For Privilege Escalation - T1404 Exploit Public-Facing Application - T1377 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Hardware - T1592.001 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impair Defenses - T1562 Impair Defenses - T1629 Impersonation - T1656 Inhibit System Recovery - T1490 Lateral Tool Transfer - T1570 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Private Keys - T1552.004 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Software - T1592.002 Supply Chain Compromise - T1474 System Shutdown/Reboot - T1529 Unsecured Credentials - T1552 Vulnerabilities - T1588.006 Access Token Manipulation - T1134 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Credential Dumping - T1003 Data From Local System - T1005 Drive-By Compromise - T1189 Execution Through Api - T1106 Execution Through Module Load - T1129 Exfiltration Over Alternative Protocol - T1048 Exploit Public-Facing Application - T1190 Exploitation For Privilege Escalation - T1068 File And Directory Discovery - T1083 Obfuscated Files Or Information - T1027 Powershell - T1086 Private Keys - T1145 Process Discovery - T1057 Query Registry - T1012 Remote System Discovery - T1018 Security Software Discovery - T1063 Supply Chain Compromise - T1195 System Information Discovery - T1082 Valid Accounts - T1078 User Execution - T1204 Drive-By Compromise Execution Through Api Exploit Public-Facing Application Remote System Discovery Service Stop Supply Chain Compromise Valid Accounts User Execution

Show in Graph

Common Information

Type	Value
UUID	12cb3352-9ad4-4eb7-a170-39bb2219668b
Fingerprint	b4859c79b111afcd
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 20, 2021, midnight
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Ransomware Spotlight: REvil
Title	Ransomware Spotlight: REvil - Security News
Detected Hints/Tags/Attributes	183/4/51

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-revil

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	66	cve-2019-2725
Details	CVE	150	cve-2018-13379
Details	CVE	128	cve-2019-11510
Details	CVE	26	cve-2021-30116
Details	CVE	49	cve-2018-8453
Details	File	198	msmpeng.exe
Details	File	41	mpsvc.dll
Details	File	48	agent.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	1208	powershell.exe
Details	File	8	c:\windows\system32\certutil.exe
Details	File	9	c:\windows\cert.exe
Details	File	1	c:\ \agent.crt
Details	File	1	c:\ \agent.exe
Details	File	5	c:\kworking\agent.crt
Details	File	40	netscan.exe
Details	IPv4	1441	127.0.0.1
Details	MITRE ATT&CK Techniques	409	T1566
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	183	T1189
Details	MITRE ATT&CK Techniques	52	T1195
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	120	T1129
Details	MITRE ATT&CK Techniques	420	T1204
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	164	T1574
Details	MITRE ATT&CK Techniques	116	T1134
Details	MITRE ATT&CK Techniques	208	T1068
Details	MITRE ATT&CK Techniques	627	T1027
Details	MITRE ATT&CK Techniques	235	T1562
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	24	T1063
Details	MITRE ATT&CK Techniques	289	T1003
Details	MITRE ATT&CK Techniques	113	T1552
Details	MITRE ATT&CK Techniques	118	T1570
Details	MITRE ATT&CK Techniques	157	T1560
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	126	T1567
Details	MITRE ATT&CK Techniques	92	T1048
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	197	T1489
Details	MITRE ATT&CK Techniques	276	T1490
Details	MITRE ATT&CK Techniques	48	T1529
Details	MITRE ATT&CK Techniques	65	T1491