RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blog
Common Information
Type Value
UUID 2ec7be5d-8733-49bf-ac86-6e5ceaba408e
Fingerprint 8f02bf19acad030b
Analysis status DONE
Considered CTI value 2
Text language
Published June 9, 2020, 4:21 p.m.
Added to db Nov. 6, 2023, 7:13 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline RagnarLocker Ransomware Threatens to Release Confidential Information
Title RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blog
Detected Hints/Tags/Attributes 93/3/39
Attributes
Details Type #Events CTI Value
Details File 35 malware.exe
Details File 3 dfssvc.exe
Details File 4 swc_service.exe
Details File 25 savservice.exe
Details File 240 wmic.exe
Details File 351 recycle.bin
Details File 243 autorun.inf
Details File 120 boot.ini
Details File 90 bootfont.bin
Details File 99 bootsect.bak
Details File 196 desktop.ini
Details File 101 iconcache.db
Details File 193 ntuser.dat
Details File 100 ntuser.dat.log
Details File 66 ntuser.ini
Details File 143 thumbs.db
Details File 380 notepad.exe
Details File 1 omniga.exe
Details Url 1 https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools
Details Windows Registry Key 7 HKLM\SOFTWARE\Microsoft\Cryptography
Details Windows Registry Key 164 HKLM\SOFTWARE\Microsoft\Windows
Details Yara rule 1
rule RagnarLocker {
	meta:
		author = "McAfee ATR Team"
		description = "Rule to detect unpacked sample of RagnarLocker"
		version = "1.0"
	strings:
		$a = { 42 81 F1 3C FF 01 AB 03 F1 8B C6 C1 C0 0D 2B F0 3B D7 }
	condition:
		$a
}