REvil Twins
Tags
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Credentials - T1589.001 Group Policy Modification - T1484.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Multi-Factor Authentication - T1556.006 Password Spraying - T1110.003 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Regsvr32 - T1218.010 Remote Desktop Protocol - T1021.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Credential Dumping - T1003 External Remote Services - T1133 Mshta - T1170 Powershell - T1086 Regsvr32 - T1117 Remote Desktop Protocol - T1076 Rundll32 - T1085 Scheduled Task - T1053 Valid Accounts - T1078 External Remote Services Valid Accounts
Show in Graph
Common Information
Type Value
UUID 902136bc-2f58-47e7-8d8f-3cb7c0ea57d4
Fingerprint b5ea0cd8970eb74d
Analysis status DONE
Considered CTI value 0
Text language
Published June 30, 2021, midnight
Added to db Aug. 31, 2024, 12:23 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline UNKNOWN
Title REvil Twins
Detected Hints/Tags/Attributes 108/3/13
Source URLs
Redirection Url
Details Source https://blog.group-ib.com/revil_raas
Details Source https://blog.group-ib.com/REvil_RaaS
URL Provider
Details Provider Source level domain
Details group-ib.com blog.group-ib.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 36 Blog Group-IB https://blog.group-ib.com/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 110 
exploit.in
Details File 376 
wscript.exe
Details File 2126 
cmd.exe
Details File 1208 
powershell.exe
Details File 1018 
rundll32.exe
Details File 459 
regsvr32.exe
Details File 323 
winword.exe
Details File 199 
excel.exe
Details File 456 
mshta.exe
Details File 11 
c:\windows\syswow64\mshta.exe
Details File 127 
c:\windows\system32\rundll32.exe
Details File 1 
c:\users\public\leftswapstorage.jpg
Details File 1 
c:\temp\allwindows.csv