Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Vulnerabilities - T1588.006 Brute Force - T1110 |
Common Information
| Type | Value |
|---|---|
| UUID | 945fb7d1-7e4d-405e-9ca0-8ad9459077a6 |
| Fingerprint | a7b58c3e950986cd |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 6, 2021, 1:01 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 5:19 p.m. |
| Headline | Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics |
| Title | Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics |
| Detected Hints/Tags/Attributes | 57/3/10 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 37 | www.blackberry.com |
|
| Details | File | 368 | readme.txt |
|
| Details | File | 1 | oh24o8-readme.txt |
|
| Details | File | 15 | -readme.txt |
|
| Details | md5 | 1 | 031931d2f2d921a9d906454d42f21be0 |
|
| Details | Url | 2 | https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment. |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\aDTFUAIa7j |
|
| Details | Windows Registry Key | 1 | HKLM\BlackLivesMatter |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BlackLivesMatter |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Windows\CurrentVersion\Run |