Tailing Big Head Ransomware’s Variants, Tactics, and Impact
Tags
| country: | Belgium Trinidad And Tobago Uzbekistan Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 5465e009-2cb0-4a1a-82bc-460f316770e5 |
| Fingerprint | a634b839a6738695 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 7, 2023, midnight |
| Added to db | Oct. 15, 2024, 9:59 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Tailing Big Head Ransomware’s Variants, Tactics, and Impact |
| Title | Tailing Big Head Ransomware’s Variants, Tactics, and Impact |
| Detected Hints/Tags/Attributes | 89/3/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | File | 25 | ransom.msi |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 4 | archive.exe |
|
| Details | File | 3 | teleratserver.exe |
|
| Details | File | 5 | xarch.exe |
|
| Details | File | 2 | bxiussb.exe |
|
| Details | File | 35 | discord.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 57 | agntsvc.exe |
|
| Details | File | 3 | srvc.exe |
|
| Details | File | 105 | bcdedit.exe |
|
| Details | File | 1 | crypter.bat |
|
| Details | File | 1 | %appdata%\roaming\azz1.exe |
|
| Details | File | 1 | %appdata%\roaming\microsoft\windows\start menu\programmes\startup\server.exe |
|
| Details | File | 1 | azz1.exe |
|
| Details | File | 53 | server.exe |
|
| Details | File | 1 | cypher.ps |
|
| Details | File | 3 | cry.ps1 |
|
| Details | File | 1 | directx.sys |
|
| Details | sha256 | 4 | 2a36d1be9330a77f0bc0f7fdc0e903ddd99fcee0b9c93cb69d2f0773f0afd254 |
|
| Details | sha256 | 3 | 25294727f7fa59c49ef0181c2c8929474ae38a47b350f7417513f1bacf8939ff |
|
| Details | Url | 8 | https://t.me |
|
| Details | Url | 60 | https://github.com |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |