ioc[.]one - OSINT Cyber Threat Intelligence Database

Ransomware + Click Fraud: A New Blended Attack

Tags

attack-pattern:

Data Cloud Services - T1021.007 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Software - T1592.002 Mshta - T1170 Powershell - T1086 Regsvr32 - T1117

Show in Graph

Common Information

Type	Value
UUID	27c2a5cd-f163-4ff3-a87a-ead281ba3a42
Fingerprint	ac57a9da253aa6ee
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 30, 2017, 6:07 p.m.
Added to db	Jan. 18, 2023, 11:31 p.m.
Last updated	Nov. 18, 2024, 12:28 p.m.
Headline	Ransomware + Click Fraud: A New Blended Attack
Title	Ransomware + Click Fraud: A New Blended Attack
Detected Hints/Tags/Attributes	60/1/10

Source URLs

	Redirection	Url
Details	Source	https://www.netskope.com/blog/ransomware-click-fraud-new-blended-attack/

URL Provider

Details	Provider	Source level domain
Details	netskope.com	www.netskope.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	34		a.txt
Details	File	4		a1.exe
Details	File	3		a2.exe
Details	File	457		mshta.exe
Details	File	461		regsvr32.exe
Details	md5	1		8EBE75D82F77764ECE51CF1ECE191602
Details	md5	1		3DDDF9A48C9B44FDB1E68E0120833398
Details	md5	1		8ec67740b1e648654427267b3e7bbdce
Details	Windows Registry Key	1		HKCU\software\hzmdhvbl\zsiwfgsozs
Details	Windows Registry Key	29		HKEY_CURRENT_USER\Software