Rewterz Threat Alert – FIN8 Utilizes Sardonic Malware Variant to Execute ALPHV Ransomware Attack – Active IOCs
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 2081a73a-9236-42d9-a8f0-cc6b029976e2 |
| Fingerprint | e73d8123ae47ed4c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 20, 2023, 12:08 p.m. |
| Added to db | July 24, 2023, 2:32 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Rewterz Threat Alert – FIN8 Utilizes Sardonic Malware Variant to Execute ALPHV Ransomware Attack – Active IOCs |
| Title | Rewterz Threat Alert – FIN8 Utilizes Sardonic Malware Variant to Execute ALPHV Ransomware Attack – Active IOCs |
| Detected Hints/Tags/Attributes | 49/1/27 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 365 | ✔ | — | https://www.rewterz.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 6 | cve-2023-2913 |
|
| Details | CVE | 6 | cve-2023-28767 |
|
| Details | Domain | 6 | api-cdn.net |
|
| Details | Domain | 6 | git-api.com |
|
| Details | Domain | 6 | api-cdnw5.net |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | md5 | 1 | 10e75f522c3a52532d124e507d1d6561 |
|
| Details | md5 | 1 | bd265f2d3e827e2ffa22417a6334d5fa |
|
| Details | md5 | 1 | 2dad0e66463869b2565449e4c9e84417 |
|
| Details | md5 | 1 | 52aa13beb502a784626b674c76169c08 |
|
| Details | md5 | 1 | 7285d3b9ad2fee1969a22408f7efc324 |
|
| Details | md5 | 1 | 43af915af6a0d60cc5875f69c7fa058b |
|
| Details | sha1 | 1 | ea50aa7c4d8b3097a2e7d8a4c575b08cfabbbdd8 |
|
| Details | sha1 | 1 | 12c3b36ee26b031e6c7b80b7e34b48489bfd108d |
|
| Details | sha1 | 1 | e8d3e810d1752237b2121cde19719c282acecd75 |
|
| Details | sha1 | 1 | ef071f69df4a7ed21526804830d60a67c604228f |
|
| Details | sha1 | 1 | a384c188376b2dc98e855609bb8392f66e3295ac |
|
| Details | sha256 | 4 | 1d3e573d432ef094fba33f615aa0564feffa99853af77e10367f54dc6df95509 |
|
| Details | sha256 | 4 | 48e3add1881d60e0f6a036cfdb24426266f23f624a4cd57b8ea945e9ca98e6fd |
|
| Details | sha256 | 4 | 4db89c39db14f4d9f76d06c50fef2d9282e83c03e8c948a863b58dedc43edd31 |
|
| Details | sha256 | 4 | e4e3a4f1c87ff79f99f42b5bbe9727481d43d68582799309785c95d1d0de789a |
|
| Details | sha256 | 5 | 5b8b732d0bb708aa51ac7f8a4ff5ca5ea99a84112b8b22d13674da7a8ca18c28 |
|
| Details | sha256 | 5 | 72fd2f51f36ba6c842fdc801464a49dce28bd851589c7401f64bbc4f1a468b1a |
|
| Details | IPv4 | 4 | 37.10.71.215 |
|
| Details | Threat Actor Identifier - FIN | 68 | FIN8 |