An Investigation of the BlackCat Ransomware via Trend Micro Vision One
Tags
attack-pattern: Data Model Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Ntds - T1003.003 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Account Discovery - T1087 Powershell - T1086 Rundll32 - T1085 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 7fcde979-43d5-4923-b4b9-936604864416
Fingerprint d751acdb7ff01e83
Analysis status DONE
Considered CTI value 2
Text language
Published April 18, 2022, midnight
Added to db Oct. 15, 2024, 4:40 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline An Investigation of the BlackCat Ransomware via Trend Micro Vision One
Title An Investigation of the BlackCat Ransomware via Trend Micro Vision One
Detected Hints/Tags/Attributes 80/1/16
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ca/research/22/d/an-investigation-of-the-blackcat-ransomware.html
Details Source https://www.trendmicro.com/en_be/research/22/d/an-investigation-of-the-blackcat-ransomware.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details CVE 143 
cve-2021-31207
Details CVE 168 
cve-2021-34473
Details CVE 142 
cve-2021-34523
Details Domain 3 
hacktool.win32.mpacket.sm
Details File 15 
backdoor.asp
Details File 128 
w3wp.exe
Details File 1018 
rundll32.exe
Details File 35 
libeay32.dll
Details File 218 
min.js
Details File 81 
werfault.exe
Details File 1 
spread.bat
Details File 4 
123.bat
Details File 37 
icacls.exe
Details File 18 
iisreset.exe
Details File 8 
wevutil.exe
Details IPv4 2 
5.255.100.242