What You Need to Know About the LockerGoga Ransomware - Security News
Tags
country: France Norway
attack-pattern: Data Direct Credentials - T1589.001 Javascript - T1059.007 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Brute Force - T1110
Show in Graph
Common Information
Type Value
UUID 230ca75d-6f70-4ed8-b377-6f3b3175b81f
Fingerprint 3792b07bb095afcc
Analysis status DONE
Considered CTI value 2
Text language
Published March 20, 2019, midnight
Added to db Feb. 18, 2023, 12:40 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline What You Need to Know About the LockerGoga Ransomware
Title What You Need to Know About the LockerGoga Ransomware - Security News
Detected Hints/Tags/Attributes 87/2/14
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/what-you-need-to-know-about-the-lockergoga-ransomware/
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details File 4 
readme_locked.txt
Details File 76 
netsh.exe
Details File 14 
ryukreadme.txt
Details File 4 
readme-now.txt
Details File 165 
csrss.exe
Details File 1260 
explorer.exe
Details File 6 
lsaas.exe
Details File 351 
recycle.bin
Details File 345 
vssadmin.exe
Details sha1 1 
f047f4f4aa45c4ad3f158462178c0cfcc7373fe2
Details sha1 2 
37cdd1e3225f8da596dc13779e902d8d13637360
Details sha1 1 
b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b
Details Windows Registry Key 1 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session00
Details Windows Registry Key 188 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run