Unwrapping the emerging Interlock ransomware attack
Tags
cmtmf-attack-pattern: Masquerading
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Kerberoasting - T1558.003 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Thread Local Storage - T1055.005 Tool - T1588.002 Vulnerabilities - T1588.006 Kerberoasting - T1208 Masquerading - T1036 Powershell - T1086 Remote Desktop Protocol - T1076 Rundll32 - T1085 Masquerading
Show in Graph
Common Information
Type Value
UUID 35e9fe80-66a5-4720-bfe9-d09bd9e171ab
Fingerprint 8422381b1636b605
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 7, 2024, 6 a.m.
Added to db Nov. 7, 2024, 12:52 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Cisco Talos Blog
Title Unwrapping the emerging Interlock ransomware attack
Detected Hints/Tags/Attributes 110/3/17
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/emerging-interlock-ransomware/
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 68 Cisco Talos Blog https://blog.talosintelligence.com/rss/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
2mail.co
Details Domain 4 
apple-online.shop
Details Domain 904 
snort.org
Details File 2 
upd_2327991.exe
Details File 18 
chromesetup.exe
Details File 2125 
cmd.exe
Details File 2 
cht.exe
Details File 2 
klg.dll
Details File 1018 
rundll32.exe
Details File 2 
sysmon.sys
Details File 2 
tfsysmon.sys
Details File 41 
key4.db
Details File 3 
chrgetpdsi.txt
Details File 3 
conhost.txt
Details File 137 
conhost.exe
Details File 351 
recycle.bin
Details File 143 
thumbs.db