Understanding REvil: REvil Threat Actors May Have Returned (Updated)
Tags
country: Brazil France India Israel Japan Russia Taiwan
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Domain Account - T1087.002 Domain Account - T1136.002 Domain Accounts - T1078.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Bits Jobs - T1197 Powershell - T1086 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 6f59fdd4-ccc0-45e7-a6e2-d5e8ab301f48
Fingerprint a62d9cbf9709870d
Analysis status DONE
Considered CTI value 2
Text language
Published June 3, 2022, 8 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Understanding REvil: REvil Threat Actors May Have Returned (Updated)
Title Understanding REvil: REvil Threat Actors May Have Returned (Updated)
Detected Hints/Tags/Attributes 121/3/7
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/revil-threat-actors/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details CVE 24 
cve-2021-20016
Details CVE 126 
cve-2021-27065
Details CVE 184 
cve-2021-26855
Details Domain 5 
decoder.re
Details File 4 
dontsleep.exe
Details File 95 
wevtutil.exe
Details sha256 1 
0c10cf1b1640c9c845080f460ee69392bfaac981a4407b607e8e30d2ddf903e8