FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware
Tags
| country: | France Iran Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 2ec3ae41-81cb-4925-8ae3-6eda2affa17b |
| Fingerprint | 962a21930735a7cb |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | July 20, 2023, midnight |
| Added to db | Aug. 13, 2023, 1:04 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware |
| Title | FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware |
| Detected Hints/Tags/Attributes | 70/3/10 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 32 | ✔ | EclecticIQ Blog | https://blog.eclecticiq.com/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 49 | eclecticiq.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 280 | thehackernews.com |
|
| Details | 47 | research@eclecticiq.com |
||
| Details | File | 2 | hackers-steal-20-million-by-exploiting.html |
|
| Details | Threat Actor Identifier - APT | 121 | APT42 |
|
| Details | Threat Actor Identifier - FIN | 68 | FIN8 |
|
| Details | Url | 3 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor |
|
| Details | Url | 2 | https://thehackernews.com/2023/07/hackers-steal-20-million-by-exploiting.html |
|
| Details | Url | 2 | https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-use-new-noknok-malware-for-macos |