勒索软件也放假?假期归来,警惕Wormhole勒索! - 360CERT
Tags
| attack-pattern: | Data Tool - T1588.002 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 601a6682-84b1-4720-b6a4-0d19f7e6b81e |
| Fingerprint | 6d5590d89064ec8e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 9, 2024, 9:14 a.m. |
| Added to db | Aug. 31, 2024, 1:26 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | UNKNOWN |
| Title | 勒索软件也放假?假期归来,警惕Wormhole勒索! - 360CERT |
| Detected Hints/Tags/Attributes | 28/1/67 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://cert.360.cn/report/detail?id=663c2362c09f255b91b17fdd |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 78 | ✔ | 360 CERT | https://cert.360.cn/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT 360 CN | 1 | CERT-R-2024-787 |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 15 | tox.chat |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 1 | www.rg77e642mtchm58h.com |
|
| Details | 1 | dwaynelinette@protonmail.com |
||
| Details | File | 76 | download.html |
|
| Details | File | 1 | casagsservice.exe |
|
| Details | File | 1 | casddnsservice.exe |
|
| Details | File | 1 | caslicenceserver.exe |
|
| Details | File | 1 | casrapservice.exe |
|
| Details | File | 1 | casvirtualdiskservice.exe |
|
| Details | File | 1 | caswebserver.exe |
|
| Details | File | 1 | casxmlservice.exe |
|
| Details | File | 5 | sqlserv.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 36 | httpd.exe |
|
| Details | File | 23 | vssvc.exe |
|
| Details | File | 5 | hipsdaemon.exe |
|
| Details | File | 1 | msgsrv.exe |
|
| Details | File | 6 | qqprotect.exe |
|
| Details | File | 7 | reportingservicesservice.exe |
|
| Details | File | 1 | rusbserver.exe |
|
| Details | File | 58 | sqlagent.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 5 | sunloginclient.exe |
|
| Details | File | 1 | adminconsole.exe |
|
| Details | File | 1 | kscloudguardianx64.exe |
|
| Details | File | 1 | kscloudplatform2x64.exe |
|
| Details | File | 1 | kscoreserver.exe |
|
| Details | File | 1 | kseasyprint.exe |
|
| Details | File | 1 | ksgatewayx64.exe |
|
| Details | File | 12 | qqpcrtp.exe |
|
| Details | File | 1 | gslicensesvr.exe |
|
| Details | File | 1 | bacstray.exe |
|
| Details | File | 13 | sqlmangr.exe |
|
| Details | File | 20 | qqpctray.exe |
|
| Details | File | 4 | qqpcrealtimespeedup.exe |
|
| Details | File | 1 | useruncserver.exe |
|
| Details | File | 1 | casuncline.exe |
|
| Details | File | 1 | kdhrservices.exe |
|
| Details | File | 1 | k3mmainsuspendservice.exe |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 66 | ntuser.ini |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 6 | debuglog.txt |
|
| Details | File | 1 | wormhole.txt |
|
| Details | File | 1 | ruiyouabcd1234.php |
|
| Details | File | 27 | phpinfo.php |
|
| Details | File | 1 | wormholeb.exe |
|
| Details | Github username | 1 | qtox |
|
| Details | md5 | 1 | 8e52cfbf6124d80e32237b858aa2e41b |
|
| Details | md5 | 1 | c903fd67189ac67c68a2dc535246920a |
|
| Details | md5 | 1 | 9671b5149d2850269da42b5e73b53ad1 |
|
| Details | Url | 1 | https://tox.chat/download.htmldownload |
|
| Details | Url | 1 | https://github.com/qtox/qtox/blob/master/readme.mdif |
|
| Details | Url | 1 | http://www.rg77e642mtchm58h.com/wormholeb.exe |