ioc[.]one - OSINT Cyber Threat Intelligence Database

Aki-RATs - Command and Control Party

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Exploit Public-Facing Application
country:	Canada France United Kingdom United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Cloud Services - T1021.007 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials In Files - T1552.001 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify System Firewall - T1562.004 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domain Account - T1087.002 Domain Account - T1136.002 Domain Accounts - T1078.002 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 Exploit Public-Facing Application - T1377 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 File Transfer Protocols - T1071.002 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Inhibit System Recovery - T1490 Ip Addresses - T1590.005 Lateral Tool Transfer - T1570 Local Account - T1087.001 Local Account - T1136.001 Local Accounts - T1078.003 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Ssh - T1021.004 System Services - T1569 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Windows Service - T1543.003 Unsecured Credentials - T1552 Tool - T1588.002 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Brute Force - T1110 Command-Line Interface - T1059 Create Account - T1136 Credentials In Files - T1081 Exfiltration Over Alternative Protocol - T1048 Exploit Public-Facing Application - T1190 External Remote Services - T1133 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Remote File Copy - T1105 Modify Registry - T1112 Network Service Scanning - T1046 Powershell - T1086 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 Service Execution - T1035 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Data Destruction Exploit Public-Facing Application External Remote Services Remote System Discovery Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	6f748dc7-a2bb-49c8-9bd0-55a9252f8124
Fingerprint	a7b441dc6033be43
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 28, 2023, 8:54 a.m.
Added to db	Aug. 30, 2024, 11:55 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Aki-RATs – Command and Control Party
Title	Aki-RATs - Command and Control Party
Detected Hints/Tags/Attributes	202/4/81

Source URLs

	Redirection	Url
Details	Source	https://www.intrinsec.com/akira_ransomware/

URL Provider

Details	Provider	Source level domain
Details	intrinsec.com	www.intrinsec.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	322	✔	Cybersécurité – INTRINSEC	https://www.intrinsec.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	23	cve-2023-20269
Details	Domain	34	file.io
Details	Domain	1	netscan.zip
Details	Domain	1	winscp-5.21.8-portable.zip
Details	Domain	1373	twitter.com
Details	Domain	71	news.sophos.com
Details	Domain	9	developers.cloudflare.com
Details	File	1	gcapi.dll
Details	File	39	anydesk.exe
Details	File	1	c:\windows\temp\gcapi.dll
Details	File	1	c:\programdata\gcapi.dll
Details	File	1	openssh.msi
Details	File	1	c:\program files\openssh\sshd.exe
Details	File	28	ssh.exe
Details	File	4	sshd.exe
Details	File	25	teamviewer.exe
Details	File	17	2.zip
Details	File	1	regid.exe
Details	File	34	recentservers.xml
Details	File	2125	cmd.exe
Details	File	1208	powershell.exe
Details	File	25	win.exe
Details	File	26	akira_readme.txt
Details	File	3	wiztree.exe
Details	File	1	wiztree_4_14_portable.zip
Details	File	2	cloudflared.exe
Details	File	7	advanced_ip_scanner.exe
Details	File	1	advanced_ip_scanner_console.exe
Details	File	156	1.exe
Details	File	16	3869.exe
Details	File	1	netscan.zip
Details	File	40	netscan.exe
Details	File	50	3.exe
Details	File	2	0_win64_sponsored-setup.exe
Details	File	16	winscp.exe
Details	File	1	8-portable.zip
Details	File	2	winrar-x64-621.exe
Details	IPv4	2	91.132.92.60
Details	IPv4	2	138.124.184.174
Details	IPv4	2	148.72.168.13
Details	IPv4	2	148.72.171.171
Details	IPv4	2	199.127.60.236
Details	IPv4	1441	127.0.0.1
Details	MITRE ATT&CK Techniques	191	T1133
Details	MITRE ATT&CK Techniques	71	T1078.002
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	310	T1047
Details	MITRE ATT&CK Techniques	174	T1569.002
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	51	T1136.001
Details	MITRE ATT&CK Techniques	20	T1136.002
Details	MITRE ATT&CK Techniques	70	T1562.004
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	MITRE ATT&CK Techniques	99	T1087.002
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	168	T1046
Details	MITRE ATT&CK Techniques	118	T1570
Details	MITRE ATT&CK Techniques	160	T1021.001
Details	MITRE ATT&CK Techniques	116	T1560.001
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	141	T1219
Details	MITRE ATT&CK Techniques	19	T1048.002
Details	MITRE ATT&CK Techniques	31	T1071.002
Details	MITRE ATT&CK Techniques	93	T1485
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	276	T1490
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	43	T1078.003
Details	MITRE ATT&CK Techniques	125	T1110
Details	MITRE ATT&CK Techniques	89	T1552.001
Details	Url	1	https://twitter.com/malgamy12/status/1651972583615602694
Details	Url	1	https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back
Details	Url	3	https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi-servers
Details	Url	3	https://www.bleepingcomputer.com/news/security/meet-akira-a-new-ransomware-operation-targeting-the-enterprise
Details	Url	1	https://developers.cloudflare.com/cloudflare-one/connections/connect-networks
Details	Windows Registry Key	164	HKLM\SOFTWARE\Microsoft\Windows