ioc[.]one - OSINT Cyber Threat Intelligence Database

Dark Web Profile: Medusa Ransomware (MedusaLocker)

Tags

cmtmf-attack-pattern:	Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter
country:	France United Kingdom United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Bypass User Account Control - T1548.002 Command And Scripting Interpreter - T1623 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Exfiltration Over Alternative Protocol - T1639 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Safe Mode Boot - T1562.009 Service Stop - T1489 Software - T1592.002 Web Protocols - T1071.001 Web Protocols - T1437.001 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Brute Force - T1110 Bypass User Account Control - T1088 Command-Line Interface - T1059 Exfiltration Over Alternative Protocol - T1048 External Remote Services - T1133 File And Directory Discovery - T1083 Remote File Copy - T1105 Network Share Discovery - T1135 Powershell - T1086 Query Registry - T1012 Remote Services - T1021 Windows Management Instrumentation - T1047 Valid Accounts - T1078 External Remote Services Service Stop Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	205a39f0-b22e-4a31-8138-929f44e3e06d
Fingerprint	17d70c3813f42e4b
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 5, 2023, 2:50 p.m.
Added to db	Oct. 24, 2023, 1:13 p.m.
Last updated	Nov. 17, 2024, 5:56 p.m.
Headline	Dark Web Profile: Medusa Ransomware (MedusaLocker)
Title	Dark Web Profile: Medusa Ransomware (MedusaLocker)
Detected Hints/Tags/Attributes	88/4/41

Source URLs

	Redirection	Url
Details	Source	https://socradar.io/dark-web-profile-medusa-ransomware-medusalocker/

URL Provider

Details	Provider	Source level domain
Details	socradar.io	socradar.io

Attributes

Details	Type	#Events	Value
Details	CVE	5	cve-2022-2295
Details	Domain	1	jpz.nz
Details	Domain	396	protonmail.com
Details	Domain	2	exorints.com
Details	Domain	68	keemail.me
Details	Domain	1174	gmail.com
Details	Domain	4	wholeness.business
Details	Domain	3	excic.com
Details	Domain	1	prontonmail.com
Details	Domain	3	sitesoutheat.com
Details	Domain	167	tutanota.com
Details	Domain	272	outlook.com
Details	Domain	144	cock.li
Details	Domain	85	onionmail.org
Details	Domain	3	atacdi.com
Details	Domain	5	decorous.cyou
Details	Email	1	unlockmeplease@protonmail.com
Details	Email	2	support@exorints.com
Details	Email	5	rpd@keemail.me
Details	Email	2	lockperfection@gmail.com
Details	Email	2	ithelp01@wholeness.business
Details	Email	3	777decoder777@protonmail.com
Details	Email	3	dec_helper@excic.com
Details	Email	1	dec_restore@prontonmail.com
Details	Email	3	bitcoin@sitesoutheat.com
Details	Email	1	best666decoder@tutanota.com
Details	Email	1	best666decoder@protonmail.com
Details	Email	2	encrypt2020@outlook.com
Details	Email	3	decoder83540@cock.li
Details	Email	1	gsupp@onionmail.org
Details	Email	2	encrypt2020@cock.li
Details	Email	3	helper@atacdi.com
Details	Email	2	ithelp@decorous.cyou
Details	Email	1	helptorestore@outlook.com
Details	File	4	how_to_recover_data.html
Details	File	11	instructions.html
Details	File	2	readinstruction.html
Details	File	1	how_to_recovery.txt
Details	File	1	readinstructions.html
Details	File	2	recovery_instructions.html
Details	File	1	recovery_instruction.html