How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Tags
attack-pattern: Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 660a1892-91f6-4f0d-b0b6-77cd82fdff38
Fingerprint b77549f5feb38793
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 22, 2024, midnight
Added to db Oct. 16, 2024, 2:15 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Title How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Detected Hints/Tags/Attributes 66/1/10
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_sg/research/24/h/pressing-pause-on-play-ransomware.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 21 
data.zip
Details File 3 
gt_net.exe
Details File 18 
data.zip
Details File 3 
socks32.dll
Details File 73 
trojan.msi
Details File 122 
psexec.exe
Details File 21 
c:\windows\system32\reg.exe
Details File 165 
reg.exe
Details File 17 
c:\windows\system32\taskmgr.exe
Details Windows Registry Key 26 
HKLM\SYSTEM\CurrentControlSet\Control\Terminal