Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Credentials - T1589.001 Email Addresses - T1589.002 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 New Service - T1050 Powershell - T1086 Regsvr32 - T1117 Rundll32 - T1085 Scheduled Task - T1053 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID 7901c675-823f-4ef7-b271-f4d452cf2a3d
Fingerprint a5f489d907c1966d
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 3, 2021, 12:05 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline UNKNOWN
Title Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Detected Hints/Tags/Attributes 107/2/6
Source URLs
Redirection Url
Details Source https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/
URL Provider
Details Provider Source level domain
Details securityintelligence.com securityintelligence.com
Attributes
Details Type #Events CTI Value
Details File 1018 
rundll32.exe
Details File 459 
regsvr32.exe
Details File 376 
wscript.exe
Details File 28 
plink.exe
Details File 21 
ngrok.exe
Details File 1 
wmi4.bat