Midas Ransomware : Tracing the Evolution of Thanos Ransomware Variants
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 1de64fe4-4fa7-4b84-883a-237d93274ea9 |
| Fingerprint | 261580d82618ae57 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 23, 2022, noon |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:56 p.m. |
| Headline | Midas Ransomware : Tracing the Evolution of Thanos Ransomware Variants |
| Title | Midas Ransomware : Tracing the Evolution of Thanos Ransomware Variants |
| Detected Hints/Tags/Attributes | 75/2/67 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | threatlibrary.zscaler.com |
|
| Details | File | 7 | restore_files_info.txt |
|
| Details | File | 82 | taskkill.exe |
|
| Details | File | 9 | raccinesettings.exe |
|
| Details | File | 102 | mspub.exe |
|
| Details | File | 14 | cntaosmgr.exe |
|
| Details | File | 56 | xfssvccon.exe |
|
| Details | File | 57 | mydesktopqos.exe |
|
| Details | File | 62 | sqlbrowser.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 55 | tbirdconfig.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 55 | sqbcoreservice.exe |
|
| Details | File | 35 | thebat64.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 58 | dbeng50.exe |
|
| Details | File | 29 | ntrtscan.exe |
|
| Details | File | 54 | isqlplussvc.exe |
|
| Details | File | 57 | synctime.exe |
|
| Details | File | 41 | firefoxconfig.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 57 | ocomm.exe |
|
| Details | File | 57 | agntsvc.exe |
|
| Details | File | 52 | infopath.exe |
|
| Details | File | 57 | ocautoupds.exe |
|
| Details | File | 40 | mysqld-opt.exe |
|
| Details | File | 58 | sqlagent.exe |
|
| Details | File | 92 | powerpnt.exe |
|
| Details | File | 99 | steam.exe |
|
| Details | File | 8 | zoolz.exe |
|
| Details | File | 57 | encsvc.exe |
|
| Details | File | 58 | thebat.exe |
|
| Details | File | 16 | tmlisten.exe |
|
| Details | File | 10 | mbamtray.exe |
|
| Details | File | 29 | pccntmon.exe |
|
| Details | File | 60 | mydesktopservice.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 74 | onenote.exe |
|
| Details | File | 46 | msftesql.exe |
|
| Details | File | 90 | wordpad.exe |
|
| Details | File | 57 | ocssd.exe |
|
| Details | File | 43 | mysqld-nt.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 61 | dbsnmp.exe |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | md5 | 2 | 3767a7d073f5d2729158578a7006e4c4 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 174 | T1569.002 |
|
| Details | MITRE ATT&CK Techniques | 550 | T1112 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 75 | T1010 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1518.001 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 197 | T1489 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | Url | 2 | https://threatlibrary.zscaler.com/?threatname=win32.ransom.thanos |
|
| Details | Url | 2 | https://threatlibrary.zscaler.com/?threatname=win32.ransom.prometheus |
|
| Details | Url | 2 | https://threatlibrary.zscaler.com/?threatname=win32.ransom.spook |
|
| Details | Url | 2 | https://threatlibrary.zscaler.com/?threatname=win32.ransom.haron |
|
| Details | Url | 2 | https://threatlibrary.zscaler.com/?threatname=win32.ransom.midas |
|
| Details | Url | 1 | https://www.zscaler.com/blogs/security-research/midas-ransomware-tracing-evolution-thanos-ransomware-variants |
|
| Details | Windows Registry Key | 2 | HKEY_CURRENT_USER\SOFTWARE\KEYID\myKeyID |