LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Common Information
Type Value
UUID 5fe7feaf-74cd-4d09-901a-3d399c90f11b
Fingerprint a44188db9976974d
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 25, 2022, midnight
Added to db June 1, 2023, 10:46 a.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Title LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Detected Hints/Tags/Attributes 81/3/38
Attributes
Type | #Events | CTI Value | Value
CVE | 168 | | cve-2021-34473
CVE | 142 | | cve-2021-34523
CVE | 143 | | cve-2021-31207
CVE | 184 | | cve-2021-26855
CVE | 126 | | cve-2021-27065
File | 61 | | 1.bat
File | 51 | | install.bat
File | 3 | | enc_.exe
File | 35 | | 2.txt
File | 48 | | trojan.bat
File | 20 | | 3.txt
File | 3 | | l7dm4566n-readme.txt
File | 3 | | no.txt
File | 3 | | shortcuts.xml
File | 5 | | trojan.xml
File | 9 | | code.txt
File | 5 | | backdoor.ps1