ioc[.]one - OSINT Cyber Threat Intelligence Database

REvil Ransomware Uses DLL Sideloading | McAfee Blog

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter Masquerading
country:	Azerbaijan Belgium Kyrgyzstan Laos Moldova Serbia Tajikistan Trinidad And Tobago Uzbekistan Romania Russia Togo Turkmenistan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Model Command And Scripting Interpreter - T1623 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Dll Side-Loading - T1574.002 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Process Discovery - T1424 System Information Discovery - T1426 Windows Command Shell - T1059.003 Command-Line Interface - T1059 Dll Side-Loading - T1073 Masquerading - T1036 Process Discovery - T1057 System Information Discovery - T1082 Masquerading

Show in Graph

Common Information

Type	Value
UUID	3bcc59eb-89a3-4889-85bd-d17c1a78032d
Fingerprint	8627a8790575ae02
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 16, 2021, 4:49 p.m.
Added to db	Nov. 6, 2023, 7:11 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	REvil Ransomware Uses DLL Sideloading
Title	REvil Ransomware Uses DLL Sideloading \| McAfee Blog
Detected Hints/Tags/Attributes	62/4/12

Source URLs

	Redirection	Url
Details	Source	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/revil-ransomware-uses-dll-sideloading/

URL Provider

Details	Provider	Source level domain
Details	mcafee.com	www.mcafee.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	333	✔	—	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	66		cve-2019-2725
Details	File	198		msmpeng.exe
Details	File	41		mpsvc.dll
Details	File	367		readme.txt
Details	md5	3		5a97a50e45e64db41049fd88a75f2dd2
Details	md5	1		78066a1c4e075941272a86d4a8e49471
Details	MITRE ATT&CK Techniques	333		T1059.003
Details	MITRE ATT&CK Techniques	227		T1574.002
Details	MITRE ATT&CK Techniques	472		T1486
Details	MITRE ATT&CK Techniques	183		T1036.005
Details	MITRE ATT&CK Techniques	433		T1057
Details	MITRE ATT&CK Techniques	1006		T1082