IT Management Platform Kaseya Hit With Sodinokibi REvil Ransomware Attack
Tags
country: Argentina Belgium Netherlands Laos Moldova Trinidad And Tobago Uzbekistan Romania Russia Syria Togo Tokelau
attack-pattern: Data Dll Side-Loading - T1574.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Dll Side-Loading - T1073 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 38c1c719-13e2-41a0-bfbc-14d7312c663b
Fingerprint 8767b8f8c456af4b
Analysis status DONE
Considered CTI value 2
Text language
Published July 4, 2021, midnight
Added to db Oct. 15, 2024, 3:12 p.m.
Last updated Nov. 12, 2024, 6:45 p.m.
Headline IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack
Title IT Management Platform Kaseya Hit With Sodinokibi REvil Ransomware Attack
Detected Hints/Tags/Attributes 56/2/8
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ie/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_ph/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_se/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_id/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_ae/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_no/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_gb/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
Details Source https://www.trendmicro.com/en_ca/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details CVE 26 
cve-2021-30116
Details File 48 
agent.exe
Details File 41 
mpsvc.dll
Details File 13 
agent.crt
Details sha256 10 
d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e
Details sha256 8 
e2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2
Details sha256 11 
8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd
Details sha256 2 
2093c195b6c1fd6ab9e1110c13096c5fe130b75a84a27748007ae52d9e951643