ShadowRoot Ransomware Targeting Turkish Businesses
Common Information
Type Value
UUID 67ac3e9c-1639-46bc-a8ce-f4a1bac956dc
Fingerprint a52118d3b531c7a5
Analysis status DONE
Considered CTI value 0
Text language
Published July 12, 2024, 7:11 a.m.
Added to db Sept. 2, 2024, 1:14 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline ShadowRoot Ransomware Targeting Turkish Businesses
Title ShadowRoot Ransomware Targeting Turkish Businesses
Detected Hints/Tags/Attributes 41/3/22
Attributes