ioc[.]one - OSINT Cyber Threat Intelligence Database

C2 With It All: From Ransomware To Carding

Tags

cmtmf-attack-pattern:

Compromise Infrastructure

attack-pattern:

Data Compromise Infrastructure - T1584 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Dynamic Dns - T1311 Dynamic Dns - T1333 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Network Security Appliances - T1590.006 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	3f38ab73-b58e-48fb-89cf-47b22ee044fb
Fingerprint	8da5bc997c3284c3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 4, 2019, 11:03 a.m.
Added to db	Oct. 9, 2022, 4:10 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	Vulnerability Information
Title	C2 With It All: From Ransomware To Carding
Detected Hints/Tags/Attributes	72/2/46

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2019/11/c2-with-it-all.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		jduuyerm.website
Details	Domain	1		techsupport.org.ru
Details	Domain	1		www.techsupport.org.ru
Details	Domain	1		techsupportlap.icu
Details	Domain	1		techsupportnet.icu
Details	Domain	1		aefawexxr54xrtrt.softether.net
Details	Domain	904		snort.org
Details	File	478		lsass.exe
Details	File	1		c:\users\--redacted--\desktop\p1q135no.exe
Details	File	1		wsdb.bat
Details	File	1		wsdb.ps1
Details	File	1		wsdb.xml
Details	File	1		c32_217061.exe
Details	File	1		c64_217061.exe
Details	File	54		file.exe
Details	File	77		mimikatz.exe
Details	File	1		no135.exe
Details	File	16		sfx.exe
Details	File	26		procdump64.exe
Details	File	1		q108.exe
Details	File	1		q121k.exe
Details	File	1		q135.exe
Details	File	1		q137k.exe
Details	File	1122		svchost.exe
Details	File	1		zap32.exe
Details	File	1		zap64.exe
Details	File	1		q159.exe
Details	sha256	1		d4be15adbbe135d172d5e0afcd191ae740df22de5d3beac98e188a3cf01a036b
Details	sha256	1		a78bacb79d5d229aa8d6c574d1d8386664918a520beebc655975b04a61da1308
Details	sha256	1		e410b949d128ffb513af037355fe777b5b40799001a312843e405070308a3f36
Details	sha256	1		3de852ed3bd3579cd9875108e121ba6fd68a66f8f6948cce072e8013ad1955ea
Details	sha256	1		fa7c7db9d33e1f4193bfe460d1a61096d75315212042a62bb3a30b3077511610
Details	sha256	1		0273d96cef6683e3fb205b8e841579b44bae16ff1e3ab57647b1a9d2947db5c7
Details	sha256	1		bc919680471fd1b631e80c37e83aeb6877f13f4ed47ae22100cf4d60e27a93a4
Details	sha256	1		b9a8710e55bb2d55bbeed9cebb83ac2f18f78818f0c05f18c96f766c8c47e2d9
Details	sha256	1		f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555
Details	sha256	7		16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5
Details	sha256	1		89f8af1eb52f31b011982d7a1ecc1eed25af6c14bf5f317568a3450db5db7247
Details	sha256	1		dcb76dc106e586c6f8bfa82832a66f525a9addb5450912004e92dd578ff2a60a
Details	sha256	1		04d0824f70be3666d79b2a49b85cf6b60b566d7b8cc9efd31195644514fb0cb1
Details	sha256	1		08499612bcf7ccb250438ce8f6eed616511e27c762d66132fef93296007984ac
Details	sha256	1		619f0c489beac9a792b9b42fa6529b3faf4329692fb52d17123ef69733868845
Details	sha256	1		98a4f69eff1f91f63fb74420ee4c16be508aa203d04f66e98b1dcb554def61ee
Details	sha256	1		b1e883222f3205db59ff812c6f6097291df12b1784c9e64eef674ab3a173c07a
Details	IPv4	1		185.254.188.11
Details	IPv4	1		185.212.128.189