Stolen certificates in two waves of ransomware and wiper attacks
Common Information
Type Value
UUID 1a779bd1-00aa-4418-8b63-c5cb7980428f
Fingerprint 842bc6b90d7f8581
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 22, 2022, 8 a.m.
Added to db Dec. 22, 2022, 10:58 a.m.
Last updated Oct. 15, 2024, 5:24 p.m.
Headline Ransomware and wiper signed with stolen certificates
Title Stolen certificates in two waves of ransomware and wiper attacks
Detected Hints/Tags/Attributes 59/2/20
Attributes
Details Type #Events CTI Value
Details File 1
pdftodoc.exe
Details File 4
mellona.exe
Details File 3
disksnapshot.exe
Details File 1
diskdump.sys
Details File 5
goxml.exe
Details File 24
cl.exe
Details File 1
disksdump.sys
Details Pdb 1
c:\projects\rawdisk\bin\wnet\fre\amd64\rawdsk3.pdb