GitHub - nccgroup/KilledProcessCanary: A canary designed to minimize the impact from certain Ransomware actors
Tags
attack-pattern: Dns - T1071.004 Dns - T1590.002 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003
Show in Graph
Common Information
Type Value
UUID 17ab3427-793f-4182-a87d-a8926cab8533
Fingerprint 641ac96dbb74e1d2
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 1, 2023, midnight
Added to db Feb. 18, 2023, 12:46 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline nccgroup/KilledProcessCanary
Title GitHub - nccgroup/KilledProcessCanary: A canary designed to minimize the impact from certain Ransomware actors
Detected Hints/Tags/Attributes 18/1/17
Source URLs
Redirection Url
Details Source https://github.com/nccgroup/KilledProcessCanary
URL Provider
Details Provider Source level domain
Details github.com github.com
Attributes
Details Type #Events CTI Value
Details Domain 6 
www.nccgroup.com
Details Domain 4128 
github.com
Details Domain 15 
www.carbonblack.com
Details Domain 172 
www.crowdstrike.com
Details Domain 1 
www.canarytokens.org
Details Domain 1 
docs.canarytokens.org
Details File 1 
c:\program files\microsoft sql server\sqlserver.exe
Details File 1 
dns-token.html
Details File 29 
program.cs
Details Github username 33 
nccgroup
Details Url 1 
http://www.nccgroup.com
Details Url 2 
https://github.com/nccgroup/killedprocesscanary
Details Url 1 
https://www.carbonblack.com/blog/vmware-carbon-black-tau-ryuk-ransomware-technical-analysis
Details Url 2 
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware
Details Url 1 
https://www.canarytokens.org
Details Url 1 
https://docs.canarytokens.org/guide/dns-token.html#creating
Details Url 1 
https://github.com/nccgroup/killedprocesscanary/blob/master/program.cs#l241