ioc[.]one - OSINT Cyber Threat Intelligence Database

Ransomware Roundup - Underground | FortiGuard Labs

Tags

cmtmf-attack-pattern:	Supply Chain Compromise
country:	Canada Germany France Spain Singapore Slovakia Taiwan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Datasets Malware - T1587.001 Malware - T1588.001 Network Devices - T1584.008 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Supply Chain Compromise - T1474 Supply Chain Compromise - T1195 Supply Chain Compromise

Show in Graph

Common Information

Type	Value
UUID	7db52bc3-4bfa-47ca-a6b9-91169e0b2808
Fingerprint	8730a9d11726a61e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 30, 2024, 1 p.m.
Added to db	Aug. 31, 2024, 6:09 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Ransomware Roundup - Underground
Title	Ransomware Roundup - Underground \| FortiGuard Labs
Detected Hints/Tags/Attributes	76/4/13

Source URLs

	Redirection	Url
Details	Redirection	https://feeds.fortinet.com/~/903758144/0/fortinet/blog/threat-research~Ransomware-Roundup-Underground
Details	Source	https://www.fortinet.com/blog/threat-research/ransomware-roundup-underground

URL Provider

Details	Provider	Source level domain
Details	fortinet.com	www.fortinet.com
Details	fortinet.com	feeds.fortinet.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	117	✔	Fortinet All Blogs	https://feeds.feedburner.com/fortinet/blogs	2024-08-30 22:08
Details	122	✔	Fortinet Threat Research Blog	https://feeds.fortinet.com/fortinet/blog/threat-research	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	119		cve-2023-36884
Details	File	345		vssadmin.exe
Details	File	165		reg.exe
Details	File	256		net.exe
Details	sha256	2		9543f71d7c4e394223c9d41ccef71541e1f1eb0cc76e8fa0f632b8365069af64
Details	sha256	3		9f702b94a86558df87de316611d9f1bfe99a6d8da9fa9b3d7bb125a12f9ad11f
Details	sha256	3		eb8ed3b94fa978b27a02754d4f41ffc95ed95b9e62afb492015d0eb25f89956f
Details	sha256	3		9d41b2f7c07110fb855c62b5e7e330a597860916599e73dd3505694fd1bbe163
Details	sha256	3		cc80c74a3592374341324d607d877dcf564d326a1354f3f2a4af58030e716813
Details	sha256	4		d4a847fa9c4c7130a852a2e197b205493170a8b44426d9ec481fc4b285a92666
Details	Mandiant Temporary Group Assumption	5		TEMP.CMD
Details	Microsoft Threat Actor Naming Taxonomy (Groups in development)	79		Storm-0978
Details	Windows Registry Key	44		HKLM\SOFTWARE\Policies\Microsoft\Windows