Ongoing email campaign spreading GlobeImposter Ransomware
Tags
| attack-pattern: | Data Cloud Services - T1021.007 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 62398692-a5f1-4f75-9677-ce1d37a950bc |
| Fingerprint | a455a9dbad2ebe6c |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 5, 2017, 8:38 p.m. |
| Added to db | Jan. 18, 2023, 11:31 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Ongoing email campaign spreading GlobeImposter Ransomware |
| Title | Ongoing email campaign spreading GlobeImposter Ransomware |
| Detected Hints/Tags/Attributes | 47/1/9 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 285 | microsoft.net |
|
| Details | File | 1 | backdoor.vb |
|
| Details | File | 1 | inv-000993.7z |
|
| Details | File | 1 | inv-000695.vbs |
|
| Details | File | 1 | inczr.exe |
|
| Details | File | 1 | __t7609.tmp |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 9 | read_me.html |
|
| Details | Windows Registry Key | 19 | HKEY_CURRENT_USER\Software\Microsoft\Terminal |