Diving into Double Extortion Campaigns | Accenture
Tags
country: United States Of America
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Javascript - T1059.007 Junk Data - T1001.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Connection Proxy - T1090 Credential Dumping - T1003 Powershell - T1086 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 82be529c-1871-4ae4-9747-b9664f532fea
Fingerprint f02a8dd9cfbb8d89
Analysis status DONE
Considered CTI value 1
Text language
Published Nov. 1, 2021, 5:24 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Diving into double extortion campaigns
Title Diving into Double Extortion Campaigns | Accenture
Detected Hints/Tags/Attributes 103/2/12
Source URLs
Redirection Url
Details Source https://www.accenture.com/us-en/blogs/cyber-defense/double-extortion-campaigns
URL Provider
Details Provider Source level domain
Details accenture.com www.accenture.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
newschools.info
Details Domain 3 
currentteach.com
Details Domain 77 
mega.nz
Details Domain 7 
accenture.com
Details Domain 26 
www.accenture.com
Details Domain 360 
attack.mitre.org
Details Domain 124 
www.sentinelone.com
Details Email 3 
cifr.hotline@accenture.com
Details File 95 
wevtutil.exe
Details Mandiant Uncategorized Groups 1 
UNC2602
Details Url 7 
https://attack.mitre.org/software/s0154
Details Url 1 
https://www.sentinelone.com/labs/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow