ioc[.]one - OSINT Cyber Threat Intelligence Database

SunCrypt adopts attacking techniques from NetWalker and Maze ransomware

Tags

country:	Germany France Spain
attack-pattern:	Data Ip Addresses - T1590.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	35d7c4e0-0d41-42f1-a36b-8f06c0a37f56
Fingerprint	bc3312f9e24db6d0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 16, 2020, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 12, 2024, 4:47 p.m.
Headline	SunCrypt adopts attacking techniques from NetWalker and Maze ransomware
Title	SunCrypt adopts attacking techniques from NetWalker and Maze ransomware
Detected Hints/Tags/Attributes	52/2/15

Source URLs

	Redirection	Url
Details	Source	https://www.acronis.com/en-us/blog/posts/suncrypt-adopts-attacking-techniques-netwalker-and-maze-ransomware

URL Provider

Details	Provider	Source level domain
Details	acronis.com	www.acronis.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	2		nbzzb6sa6xuura2z.onion
Details	Domain	2		ebwexiymbsib4rmw.onion
Details	File	229		advapi32.dll
Details	File	9		your_files_are_encrypted.html
Details	File	2		chat.html
Details	md5	5		d87fcd8d2bf450b0056a151e9a116f72
Details	sha1	2		48cb6bdbe092e5a90c778114b2dda43ce3221c9f
Details	sha256	3		e3dea10844aebc7d60ae330f2730b7ed9d18b5eec02ef9fd4a394660e82e2219
Details	sha256	3		3090bff3d16b0b150444c3bfb196229ba0ab0b6b826fa306803de0192beddb80
Details	IPv4	2		91.218.114.0
Details	IPv4	3		91.218.114.30
Details	IPv4	6		91.218.114.31
Details	Url	1		http://ebwexiymbsib4rmw.onion/chat.html?6a1dcf2506
Details	Url	4		http://91.218.114.31
Details	Url	3		http://91.218.114.30