BlackCat, ALPHV
Tags
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086 Remote Services - T1021 |
Common Information
| Type | Value |
|---|---|
| UUID | 74c82422-ddc9-468c-928a-8164e5c58ce0 |
| Fingerprint | 372e7a6f10d45b62 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 1, 2021, 8 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | BlackCat, ALPHV |
| Detected Hints/Tags/Attributes | 51/1/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.com/2021/12/blackcat-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 15 | malware.ai |
|
| Details | Domain | 3 | zujgzbu5y64xbmvc42addp4lxkoosb4tslf5mehnh7pvqjpwxn5gokyd.onion |
|
| Details | Domain | 1 | torprojoject.org |
|
| Details | Domain | 3 | mu75ltv3lxd24dbyu6gtvmnwybecigs5auki7fces437xvvflzva2nqd.onion |
|
| Details | Domain | 93 | bazaar.abuse.ch |
|
| Details | File | 15 | malware.ai |
|
| Details | File | 5 | 1.db |
|
| Details | File | 2 | recover-sykffle-files.txt |
|
| Details | File | 33 | config.msi |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 1 | nthumbs.db |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 66 | ntuser.ini |
|
| Details | File | 172 | dllhost.exe |
|
| Details | File | 1 | keller.exe |
|
| Details | File | 1 | 3ddxzjjjn.dll |
|
| Details | File | 1 | c:\users\user\appdata\local\temp\3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.exe |
|
| Details | File | 1 | recover-jkkcgdp-files.txt |
|
| Details | File | 1 | recover-yicrlka-files.txt |
|
| Details | File | 3 | alpha.exe |
|
| Details | md5 | 1 | aea5d3cced6725f37e2c3797735e6467 |
|
| Details | md5 | 1 | 2c3e267ae163c15bfc251e74ea5319b2 |
|
| Details | sha1 | 2 | 087497940a41d96e4e907b6dc92f75f4a38d861a |
|
| Details | sha256 | 8 | 3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83 |
|
| Details | Url | 1 | https://torprojoject.org |
|
| Details | Url | 1 | https://bazaar.abuse.ch/browse/tag/blackcat |