Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 19527ae4-b7bd-4444-9f09-809d7fd1d833 |
| Fingerprint | bd0200d18724b6c9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 10, 2024, 10 a.m. |
| Added to db | Sept. 10, 2024, 12:55 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware |
| Title | Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware |
| Detected Hints/Tags/Attributes | 117/2/26 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 256 | ✔ | Unit 42 | https://unit42.paloaltonetworks.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 25 | cve-2024-1708 |
|
| Details | CVE | 29 | cve-2024-1709 |
|
| Details | Domain | 59 | torproject.org |
|
| Details | Domain | 1 | cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 1 | c:\users\public\psexec0.exe |
|
| Details | File | 1 | c:\users\public\locker.exe |
|
| Details | File | 3 | c:\programdata\found_shares.txt |
|
| Details | File | 1 | c:\programdata\rclone.exe |
|
| Details | File | 21 | locker.exe |
|
| Details | File | 18 | iisreset.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 23 | 'wevtutil.exe |
|
| Details | File | 95 | wevtutil.exe |
|
| Details | File | 13 | -data.txt |
|
| Details | File | 2125 | cmd.exe |
|
| Details | sha256 | 2 | 8ec114b29c7f2406809337b6c68ab30b0b7f0d1647829d56125e84662b84ea74 |
|
| Details | sha256 | 2 | 0260258f6f083aff71c7549a6364cb05d54dd27f40ca1145e064353dd2a9e983 |
|
| Details | sha256 | 2 | 2d73b3aefcfbb47c1a187ddee7a48a21af7c85eb49cbdcb665db07375e36dc33 |
|
| Details | sha256 | 2 | 3969e1a88a063155a6f61b0ca1ac33114c1a39151f3c7dd019084abd30553eab |
|
| Details | sha256 | 2 | 56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7 |
|
| Details | IPv4 | 1 | 103.42.240.37 |
|
| Details | IPv4 | 1 | 91.238.181.238 |
|
| Details | Url | 27 | https://torproject.org |
|
| Details | Windows Registry Key | 17 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters |