Post-mortem of a targeted Sodinokibi ransomware attack | Darktrace Blog
Common Information
Type Value
UUID 8533ddce-547f-43ff-a91e-df6b69bc7dbb
Fingerprint af912111a923dc8b
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 20, 2020, midnight
Added to db Aug. 13, 2023, 4:50 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Post-mortem of a targeted Sodinokibi ransomware attack
Title Post-mortem of a targeted Sodinokibi ransomware attack | Darktrace Blog
Detected Hints/Tags/Attributes 114/3/28
RSS Feed
Attributes