Nemty Ransomware Deployed via Payment Service Phish
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Drive-By Compromise - T1189 |
Common Information
| Type | Value |
|---|---|
| UUID | 403e11ad-8ab8-454d-a778-ab71b278e182 |
| Fingerprint | b5078890893b9e62 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 5, 2019, noon |
| Added to db | Nov. 9, 2023, 12:51 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Nemty Ransomware Deployed via Payment Service Phish |
| Title | Nemty Ransomware Deployed via Payment Service Phish |
| Detected Hints/Tags/Attributes | 50/2/21 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 346 | ✔ | Optiv Blog | https://www.optiv.com/resources/blog/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 92 | cve-2018-4878 |
|
| Details | Domain | 1 | pp-back.info |
|
| Details | Domain | 51 | reg.ru |
|
| Details | Domain | 1 | dp-ip.com |
|
| Details | Domain | 5 | api.db-ip.com |
|
| Details | File | 1 | cashback.exe |
|
| Details | File | 14 | temp.exe |
|
| Details | File | 1 | ironman.exe |
|
| Details | File | 1 | iron.bmp |
|
| Details | File | 1 | _-decrypt.txt |
|
| Details | File | 4 | api.db |
|
| Details | md5 | 1 | ed431f3209eb43d80fc3dbea1e994c9a |
|
| Details | md5 | 1 | 2e53705a6b9e70444ad77f274d741cd7 |
|
| Details | md5 | 1 | cbabf86a14c5b5da2fa40245fd69074a |
|
| Details | IPv4 | 9 | 28.0.0.161 |
|
| Details | IPv4 | 1 | 104.18.61.21 |
|
| Details | IPv4 | 1 | 104.18.60.21 |
|
| Details | Mandiant Temporary Group Assumption | 22 | TEMP.EXE |
|
| Details | MITRE ATT&CK Techniques | 183 | T1189 |
|
| Details | Url | 1 | http://pp-back.info/cashback.exe |
|
| Details | Url | 1 | http://api.db-ip.com/v2/free/ip |