Unransomware: From Zero to Full Recovery in a Blink
Tags
| attack-pattern: | Data Hardware - T1592.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Hypervisor - T1062 Sudo - T1169 |
Common Information
| Type | Value |
|---|---|
| UUID | 79ec095b-75f2-4947-91f9-57031904555e |
| Fingerprint | bf87185b5741864a |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Nov. 4, 2024, 12:21 a.m. |
| Added to db | Nov. 4, 2024, 1:22 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Unransomware: From Zero to Full Recovery in a Blink |
| Title | Unransomware: From Zero to Full Recovery in a Blink |
| Detected Hints/Tags/Attributes | 41/1/39 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
| Details | 165 | ✔ | Stories by DCSO CyTec Blog on Medium | https://medium.com/@DCSO_CyTec/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | double-pointer.zip |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | File | 1 | server_2-flat.vmdk |
|
| Details | File | 1 | server-ctk.vmdk |
|
| Details | File | 3 | server-flat.vmdk |
|
| Details | File | 1 | server.vmdk |
|
| Details | File | 1 | server_1-ctk.vmdk |
|
| Details | File | 1 | server_1-flat.vmdk |
|
| Details | File | 1 | server_1.vmdk |
|
| Details | File | 1 | server_2-ctk.vmdk |
|
| Details | File | 1 | server_2.vmdk |
|
| Details | File | 26 | akira_readme.txt |
|
| Details | File | 2 | vmware-10.log |
|
| Details | File | 1 | vmware-5.log |
|
| Details | File | 1 | vmware-6.log |
|
| Details | File | 1 | vmware-7.log |
|
| Details | File | 1 | vmware-8.log |
|
| Details | File | 2 | vmware-9.log |
|
| Details | File | 12 | vmware.log |
|
| Details | File | 1 | double-pointer.zip |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 33 | config.msi |
|
| Details | File | 52 | pagefile.sys |
|
| Details | File | 1 | wim440a.tmp |
|
| Details | File | 1 | wim441b.tmp |
|
| Details | File | 1 | wim441c.tmp |
|
| Details | File | 1 | wim441d.tmp |
|
| Details | File | 1 | wim441e.tmp |
|
| Details | File | 1 | wim441f.tmp |
|
| Details | File | 1 | wim442f.tmp |
|
| Details | File | 1 | wim4430.tmp |
|
| Details | File | 1 | wim4431.tmp |
|
| Details | File | 1 | winpepge.sys |
|
| Details | Github username | 1 | mlsorensen |
|
| Details | sha256 | 4 | abba655df92e99a15ddcde1d196ff4393a13dbff293e45f5375a2f61c84a2c7b |
|
| Details | Url | 1 | https://github.com/mlsorensen/vmfs-tools/archive/refs/heads/double-pointer.zip |
|
| Details | Url | 3 | https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi-servers |
|
| Details | Url | 1 | https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve |