REvil Ransomware-as-a-Service: An analysis of a ransomware affiliate…
Common Information
Type Value
UUID 28b0acba-2990-4a15-8232-562a0e051749
Fingerprint 3e95d87bf409df4d
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Jan. 28, 2023, midnight
Added to db Nov. 6, 2023, 7:32 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline REvil Ransomware-as-a-Service: An analysis of a ransomware affiliate operation
Title REvil Ransomware-as-a-Service: An analysis of a ransomware affiliate…
Detected Hints/Tags/Attributes 123/2/48
RSS Feed
Id 138 | Feed title Intel471 | Url https://intel471.com/blog/feed | Added to db 2024-08-30 22:08
Attributes
Type #Events Value
CVE 66 cve-2019-2725
CVE 49 cve-2018-8453
File 115 win32k.sys
File 2 tracking-revil.htm
File 2125 cmd.exe
File 345 vssadmin.exe
File 120 boot.ini
File 193 ntuser.dat
File 101 iconcache.db
File 243 autorun.inf
File 99 bootsect.bak
File 196 desktop.ini
File 143 thumbs.db
File 66 ntuser.ini
File 100 ntuser.dat.log
File 90 bootfont.bin
File 15 -readme.txt