Explained: Sage ransomware | Malwarebytes Labs
Common Information

Type                            Value
UUID                            1f847e52-45f5-4551-97fd-39c076ec6fb6
Fingerprint                     bc863052246da691
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       March 29, 2017, midnight
Added to db                     Sept. 26, 2022, 9:31 a.m.
Last updated                    Nov. 17, 2024, 6:55 p.m.
Headline                        Explained: Sage ransomware
Title                           Explained: Sage ransomware | Malwarebytes Labs
Detected Hints/Tags/Attributes  77/3/37
Attributes
Type     Value                                           #Events
Domain   7gie6ffnkrjykggd.onion                          4
Domain   hshrzd.wordpress.com                            31
File     c:\users\tester\appdata\roaming\fkgtk5ju.exe    1
File     vssadmin.exe                                    345
File     bcdedit.exe                                     105
File     msftesql.exe                                    46
File     sqlagent.exe                                    58
File     sqlbrowser.exe                                  62
File     sqlservr.exe                                    119
File     sqlwriter.exe                                   66
File     oracle.exe                                      67
File     ocssd.exe                                       57
File     dbsnmp.exe                                      61
File     synctime.exe                                    57
File     mydesktopqos.exe                                57
File     agntsvc.exe                                     57
File     isqlplussvc.exe                                 54
File     xfssvccon.exe                                   56
File     mydesktopservice.exe                            60
File     ocautoupds.exe                                  57
File     encsvc.exe                                      57
File     firefoxconfig.exe                               41
File     tbirdconfig.exe                                 55
File     ocomm.exe                                       57
File     mysqld.exe                                      57
File     mysqld-nt.exe                                   43
File     mysqld-opt.exe                                  40
File     dbeng50.exe                                     58
File     sqbcoreservice.exe                              55
Url      http://7gie6ffnkrjykggd.onion/login/aqaaaaaaaaaav4nrzsvpkfwppwixq2mqtfwgwlztecdpl_bgpyejfhda    1
Url      https://blog.fortinet.com/2017/02/02/a-closer-look-at-sage-2-0-ransomware-along-with-wise-mitigations    1
Url      https://hshrzd.wordpress.com                    28