ioc[.]one - OSINT Cyber Threat Intelligence Database

Ransomware: How Attackers are Breaching Corporate Networks

Tags

attack-pattern:

Data Model Cloud Services - T1021.007 Credentials - T1589.001 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086 Rundll32 - T1085 Third-Party Software - T1072

Show in Graph

Common Information

Type	Value
UUID	9099229c-fe9b-48ce-97ba-5e5789299868
Fingerprint	b632e0d90933b20b
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 28, 2022, midnight
Added to db	Dec. 18, 2024, 11:28 p.m.
Last updated	Dec. 25, 2024, 4:36 a.m.
Headline	Ransomware: How Attackers are Breaching Corporate Networks
Title	Ransomware: How Attackers are Breaching Corporate Networks
Detected Hints/Tags/Attributes	93/1/44

Source URLs

	Redirection	Url
Details	Redirection	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-hive-conti-avoslocker
Details	Redirection	https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-hive-conti-avoslocker
Details	Source	https://www.security.com/threat-intelligence/ransomware-hive-conti-avoslocker

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com
Details	security.com	www.security.com

Attributes

Details	Type	#Events	Value
Details	File	48	lsass.dmp
Details	File	122	taskmgr.exe
Details	File	17	ips.txt
Details	File	28	xxx.exe
Details	File	8	comps1.txt
Details	File	2339	cmd.exe
Details	File	4	%appdata%\xxx.exe
Details	File	1	ele.dll
Details	File	93	mimikatz.exe
Details	File	193	reg.exe
Details	File	104	wevtutil.exe
Details	File	8	_.log
Details	File	374	vssadmin.exe
Details	File	258	wmic.exe
Details	File	112	bcdedit.exe
Details	Url	1	https://raw.githubusercontent.com/<redacted>/invoke-mimikatz.ps1
Details	Url	5	https://anonfiles.com
Details	Url	5	https://mega.nz
Details	Url	6	https://send.exploit.in
Details	Url	5	https://ufile.io
Details	Url	7	https://www.sendspace.com
Details	Windows Registry Key	174	HKLM\SOFTWARE\Microsoft\Windows
Details	Windows Registry Key	48	HKLM\SOFTWARE\Policies\Microsoft\Windows
Details	Windows Registry Key	15	HKLM\Software\Policies\Microsoft\Windows
Details	Windows Registry Key	2	HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger
Details	Windows Registry Key	2	HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger
Details	Windows Registry Key	200	HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	2	HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
Details	CVE	202	cve-2021-34473
Details	CVE	170	cve-2021-34523
Details	CVE	166	cve-2021-31207
Details	CVE	223	cve-2021-26855
Details	CVE	182	cve-2018-13379
Details	CVE	12	cve-2018-13374
Details	CVE	459	cve-2021-44228
Details	Domain	31	anonfiles.com
Details	Domain	88	mega.nz
Details	Domain	14	send.exploit.in
Details	Domain	20	ufile.io
Details	Domain	21	www.sendspace.com
Details	File	33	invoke-mimikatz.ps1
Details	File	77	comsvcs.dll
Details	File	1102	rundll32.exe
Details	File	35	c:\windows\system32\comsvcs.dll