Onyx Ransomware Renames its Leak Site To “VSOP”
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution
country: United States Of America
attack-pattern: Data Boot Or Logon Autostart Execution - T1547 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 File And Directory Discovery - T1420 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Native Api - T1575 Registry Run Keys / Startup Folder - T1547.001 Software - T1592.002 Vulnerabilities - T1588.006 Execution Through Api - T1106 File And Directory Discovery - T1083 Registry Run Keys / Start Folder - T1060 System Information Discovery - T1082
Show in Graph
Common Information
Type Value
UUID 89c8b825-14f2-4ed3-83e2-c78de6d9d88f
Fingerprint a672b0f8166686dd
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 10, 2022, midnight
Added to db Oct. 24, 2023, 1:41 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Onyx Ransomware Renames its Leak Site To “VSOP”
Title Onyx Ransomware Renames its Leak Site To “VSOP”
Detected Hints/Tags/Attributes 78/3/10
Source URLs
Redirection Url
Details Redirection https://blog.cyble.com/2022/08/10/onyx-ransomware-renames-its-leak-site-to-vsop/
Details Source https://cyble.com/blog/onyx-ransomware-renames-its-leak-site-to-vsop/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
Details cyble.com blog.cyble.com
Attributes
Details Type #Events CTI Value
Details File 367 
readme.txt
Details File 131 
tar.gz
Details md5 1 
cf6ff9e0403b8d89e42ae54701026c1f
Details sha1 2 
a4f5cb11b9340f80a89022131fb525b888aa8bc6
Details sha256 2 
a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b
Details MITRE ATT&CK Techniques 239 
T1106
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 472 
T1486