#StopRansomware: BianLian Ransomware Group | CISA
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Develop Capabilities; Scheduled Task/Job
country: Australia
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Direct Model
  Clipboard Data - T1414
  Cloud Account - T1087.004
  Cloud Account - T1136.003
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Credentials In Files - T1552.001
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Develop Capabilities - T1587
  Disable Or Modify System Firewall - T1562.004
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Domain Account - T1087.002
  Domain Account - T1136.002
  Domain Accounts - T1078.002
  Domain Groups - T1069.002
  Domain Trust Discovery - T1482
  Exfiltration Over Alternative Protocol - T1639
  Exfiltration Over Web Service - T1567
  Exfiltration To Cloud Storage - T1567.002
  Exploits - T1587.004
  Exploits - T1588.005
  File And Directory Discovery - T1420
  Firmware - T1592.003
  Hardware - T1592.001
  Impair Defenses - T1562
  Impair Defenses - T1629
  Ingress Tool Transfer - T1544
  Ip Addresses - T1590.005
  Local Account - T1087.001
  Local Account - T1136.001
  Lsass Memory - T1003.001
  Malware - T1587.001
  Malware - T1588.001
  Ntds - T1003.003
  Password Managers - T1555.005
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Python - T1059.006
  Remote Access Software - T1663
  Remote Desktop Protocol - T1021.001
  Rundll32 - T1218.011
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Windows Command Shell - T1059.003
  Transfer Data To Cloud Account - T1537
  Unsecured Credentials - T1552
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Account Discovery - T1087
  Account Manipulation - T1098
  Brute Force - T1110
  Clipboard Data - T1115
  Command-Line Interface - T1059
  Create Account - T1136
  Credential Dumping - T1003
  Credentials In Files - T1081
  Exfiltration Over Alternative Protocol - T1048
  External Remote Services - T1133
  File And Directory Discovery - T1083
  Remote File Copy - T1105
  Modify Registry - T1112
  Network Service Scanning - T1046
  Network Share Discovery - T1135
  Permission Groups Discovery - T1069
  Powershell - T1086
  Query Registry - T1012
  Remote Access Tools - T1219
  Remote Desktop Protocol - T1076
  Remote Services - T1021
  Remote System Discovery - T1018
  Rundll32 - T1085
  Scheduled Task - T1053
  Scripting - T1064
  System Owner/User Discovery - T1033
  Valid Accounts - T1078
  External Remote Services
  Remote System Discovery
  Scripting
  Valid Accounts
Common Information
  UUID: 5f17d539-ca1d-4fd9-b74a-72f7493d7c9b
  Fingerprint: f09640708f31b504
  Analysis status: DONE
  Considered CTI value: 2
  Text language:
  Published: May 16, 2023, noon
  Added to db: Aug. 12, 2023, 2:51 a.m.
  Last updated: Nov. 17, 2024, 10:40 p.m.
  Headline: #StopRansomware: BianLian Ransomware Group
  Title: #StopRansomware: BianLian Ransomware Group | CISA
  Detected Hints/Tags/Attributes: 211/4/77
Attributes
Type                      #Events  Value
CVE                           217  cve-2020-1472
Domain                         41  stopransomware.gov
Domain                         88  secretsdump.py
Domain                          2  qtox.github.io
Domain                         85  onionmail.org
Domain                         54  mail2tor.com
Domain                         16  cyber.gov.au
Domain                        152  cisa.gov
Domain                        360  attack.mitre.org
Email                           3  swikipedia@onionmail.org
File                            2  stix.json
File                           40  netscan.exe
File                           85  secretsdump.py
File                            4  exp.exe
File                           46  system.exe
File                            8  encryptor.exe
File                           13  instruction.txt
File                          256  net.exe
File                         2126  cmd.exe
File                          478  lsass.exe
File                         1018  rundll32.exe
File                           27  c:\windows\system32\comsvcs.dll
File                           17  quser.exe
File                           22  dism.exe
File                            9  dump.exe
File                            1  ldap.exe
File                           76  netsh.exe
File                           76  ping.exe
File                          165  reg.exe
File                           30  s.exe
File                           88  1.txt
File                          249  schtasks.exe
File                            2  crundll32.exe
File                            1  c:\programdata\netsh.dll
File                            2  netsh.dll
File                         1208  powershell.exe
sha256                          3  7b15f570a23a5c5ce8ff942da60834a9d0549ea3ea9f34f900a09331325df893
sha256                          7  1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43
sha256                          2  0c1eb11de3a533689267ba075e49d93d55308525c04d6aff0d2c54d1f52f5500
sha256                          2  40126ae71b857dd22db39611c25d3d5dd0e60316b72830e930fba9baf23973ce
IPv4                         1441  127.0.0.1
MITRE ATT&CK Techniques       306  T1078
MITRE ATT&CK Techniques       191  T1133
MITRE ATT&CK Techniques       409  T1566
MITRE ATT&CK Techniques        96  T1587.001
MITRE ATT&CK Techniques       492  T1105
MITRE ATT&CK Techniques       141  T1219
MITRE ATT&CK Techniques        51  T1136.001
MITRE ATT&CK Techniques       112  T1098
MITRE ATT&CK Techniques       460  T1059.001
MITRE ATT&CK Techniques       333  T1059.003
MITRE ATT&CK Techniques       298  T1562.001
MITRE ATT&CK Techniques       550  T1112
MITRE ATT&CK Techniques       168  T1046
MITRE ATT&CK Techniques       176  T1135
MITRE ATT&CK Techniques       124  T1482
MITRE ATT&CK Techniques       230  T1033
MITRE ATT&CK Techniques        74  T1069.002
MITRE ATT&CK Techniques       243  T1018
MITRE ATT&CK Techniques        89  T1552.001
MITRE ATT&CK Techniques       173  T1003.001
MITRE ATT&CK Techniques        67  T1003.003
MITRE ATT&CK Techniques       160  T1021.001
MITRE ATT&CK Techniques        70  T1562.004
MITRE ATT&CK Techniques       501  T1012
MITRE ATT&CK Techniques       585  T1083
MITRE ATT&CK Techniques        82  T1115
MITRE ATT&CK Techniques       472  T1486
MITRE ATT&CK Techniques        92  T1048
MITRE ATT&CK Techniques        33  T1537
MITRE ATT&CK Techniques       100  T1567.002
MITRE ATT&CK Techniques       289  T1003
Url                             1  https://qtox.github.io
Url                             1  https://attack.mitre.org/versions/v12/techniques/t1003/001/.
Windows Registry Key            6  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Windows Registry Key            1  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos
Windows Registry Key            1  HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SAVService\TamperProtection