Come funziona il ransomware Knight – Analisi con l’aiuto di Triton
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Python - T1059.006 Software - T1592.002 Hypervisor - T1062 |
Common Information
| Type | Value |
|---|---|
| UUID | 57770d6e-f891-43ee-b34d-ce3dd5b999e5 |
| Fingerprint | b988659be7130614 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 2, 2023, midnight |
| Added to db | Oct. 22, 2023, 9:45 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | CERT-AGID Computer Emergency Response TeamAGID |
| Title | Come funziona il ransomware Knight – Analisi con l’aiuto di Triton |
| Detected Hints/Tags/Attributes | 66/1/61 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 79 | ✔ | CERT-AGID | https://cert-agid.gov.it/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ix86.mnemonic.mov |
|
| Details | Domain | 1 | ix86.register.al |
|
| Details | Domain | 1 | ix86.register.cl |
|
| Details | Domain | 1 | bb.next |
|
| Details | Domain | 1 | ctx.registers.rip |
|
| Details | Domain | 1 | sample.data |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | File | 2 | opkind.reg |
|
| Details | File | 1 | ix86.reg |
|
| Details | File | 1 | ister.rb |
|
| Details | File | 1 | mnemonic.mov |
|
| Details | File | 2 | ctx.reg |
|
| Details | File | 1 | isters.rb |
|
| Details | File | 1 | _pe.dat |
|
| Details | File | 1 | knight_log.txt |
|
| Details | File | 1 | sample.dat |
|
| Details | File | 57 | agntsvc.exe |
|
| Details | File | 61 | dbsnmp.exe |
|
| Details | File | 58 | dbeng50.exe |
|
| Details | File | 57 | encsvc.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 54 | isqlplussvc.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 102 | mspub.exe |
|
| Details | File | 57 | mydesktopqos.exe |
|
| Details | File | 60 | mydesktopservice.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 57 | ocautoupds.exe |
|
| Details | File | 57 | ocomm.exe |
|
| Details | File | 57 | ocssd.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 74 | onenote.exe |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 92 | powerpnt.exe |
|
| Details | File | 55 | sqbcoreservice.exe |
|
| Details | File | 27 | sql.exe |
|
| Details | File | 99 | steam.exe |
|
| Details | File | 57 | synctime.exe |
|
| Details | File | 55 | tbirdconfig.exe |
|
| Details | File | 58 | thebat.exe |
|
| Details | File | 63 | thunderbird.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 90 | wordpad.exe |
|
| Details | File | 56 | xfssvccon.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 9 | vmcompute.exe |
|
| Details | File | 7 | vmms.exe |
|
| Details | File | 15 | vmwp.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 25 | teamviewer.exe |
|
| Details | File | 140 | files.txt |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 33 | config.msi |
|
| Details | IPv4 | 124 | 192.168.0.0 |
|
| Details | IPv4 | 132 | 10.0.0.0 |
|
| Details | IPv4 | 1 | 169.0.0.0 |
|
| Details | IPv4 | 3 | 172.0.0.0 |
|
| Details | IPv4 | 18 | 169.254.0.0 |
|
| Details | IPv4 | 81 | 172.16.0.0 |