ioc[.]one - OSINT Cyber Threat Intelligence Database

Know Your Adversary: Cuba Ransomware

Tags

cmtmf-attack-pattern:	Compromise Infrastructure Exploit Public-Facing Application
country:	Cuba
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Compromise Infrastructure - T1584 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domains - T1583.001 Domains - T1584.001 Exploitation For Privilege Escalation - T1404 Exploit Public-Facing Application - T1377 Impair Defenses - T1562 Impair Defenses - T1629 Kerberoasting - T1558.003 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rdp Hijacking - T1563.002 Steal Or Forge Kerberos Tickets - T1558 Connection Proxy - T1090 Credential Dumping - T1003 Exploit Public-Facing Application - T1190 Exploitation For Privilege Escalation - T1068 External Remote Services - T1133 Kerberoasting - T1208 Remote Services - T1021 Valid Accounts - T1078 Exploit Public-Facing Application External Remote Services Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	8e22eecb-fee8-46fd-9ae2-0c8265bdd2c1
Fingerprint	bf1680511b54b65e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 24, 2022, 5:53 p.m.
Added to db	Dec. 24, 2022, 7:44 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Know Your Adversary: Cuba Ransomware
Title	Know Your Adversary: Cuba Ransomware
Detected Hints/Tags/Attributes	67/4/43

Source URLs

	Redirection	Url
Details	Source	https://infosecwriteups.com/know-your-adversary-cuba-ransomware-7b899be0410d?gi=85dc0174c3e1&source=rss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/know-your-adversary-cuba-ransomware-7b899be0410d?source=rss------cybersecurity-5
Details	Source	https://infosecwriteups.com/know-your-adversary-cuba-ransomware-7b899be0410d?source=rss----7b722bfd1b8d---4

URL Provider

Details	Provider	Source level domain
Details	infosecwriteups.com	infosecwriteups.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	136	✔	InfoSec Write-ups - Medium	https://infosecwriteups.com/feed	2024-08-30 22:08
Details	162	✔	—	https://media.cert.europa.eu/rss?type=category&id=APTFilter&language=en&duplicates=false	2024-08-30 22:08
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	144	cock.li
Details	Domain	469	www.cisa.gov
Details	Domain	167	www.ic3.gov
Details	Domain	224	unit42.paloaltonetworks.com
Details	Domain	18	speakerdeck.com
Details	Email	3	magikkey@cock.li
Details	Email	3	berkberk@cock.li
Details	Email	3	sonom@cock.li
Details	Email	3	filebase@cock.li
Details	Email	5	cloudkey@cock.li
Details	Email	4	frankstore@cock.li
Details	File	3	211203-2.pdf
Details	sha256	5	f1103e627311e73d5f29e877243e7ca203292f9419303c661aec57745eb4f26c
Details	sha256	5	a7c207b9b83648f69d6387780b1168e2f1eabd23ae6e162dd700ae8112f8b96c
Details	sha256	5	02a733920c7e69469164316e3e96850d55fca9f5f9d19a241fad906466ec8ae8
Details	sha256	5	bff4dd37febd5465e0091d9ea68006be475c0191bd8c7a79a44fbf4b99544ef1
Details	sha256	5	857f28b8fe31cf5db6d45d909547b151a66532951f26cda5f3320d2d4461b583
Details	sha256	5	ecefd9bb8b3783a81ab934b44eb3d84df5e58f0289f089ef6760264352cf878a
Details	IPv4	18	193.23.244.244
Details	IPv4	6	144.172.83.13
Details	IPv4	4	216.45.55.30
Details	IPv4	4	94.103.9.79
Details	IPv4	6	149.255.35.131
Details	IPv4	4	217.79.43.148
Details	IPv4	4	192.137.101.46
Details	IPv4	5	154.35.175.225
Details	IPv4	4	222.252.53.33
Details	MITRE ATT&CK Techniques	15	T1584.001
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	191	T1133
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	409	T1566
Details	MITRE ATT&CK Techniques	208	T1068
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	MITRE ATT&CK Techniques	8	T1563.002
Details	MITRE ATT&CK Techniques	173	T1003.001
Details	MITRE ATT&CK Techniques	36	T1558.003
Details	MITRE ATT&CK Techniques	152	T1090
Details	Url	3	https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
Details	Url	3	https://www.ic3.gov/media/news/2021/211203-2.pdf
Details	Url	4	https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius
Details	Url	3	https://www.picussecurity.com/resource/blog/cisa-alert-aa22-335a-cuba-ransomware-analysis-simulation-ttps-iocs
Details	Url	3	https://speakerdeck.com/fr0gger/technical-analysis-of-cuba-ransomware