RobinHood Ransomware “CoolMaker” Functions Not So Cool - SentinelLabs
Common Information
Type Value
UUID 94bf226a-6c07-4ca2-8ef6-91584f162b84
Fingerprint e60282b91c1396d0
Analysis status DONE
Considered CTI value 0
Text language
Published May 9, 2019, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline RobinHood Ransomware “CoolMaker” Functions Not So Cool
Title RobinHood Ransomware “CoolMaker” Functions Not So Cool - SentinelLabs
Detected Hints/Tags/Attributes 38/1/10
Attributes
Type #Events CTI Value
CVE 197 cve-2019-0708
File 2126 cmd.exe
File 1 windowstemppub.key
File 5 pub.key
File 1 windowstemprbf.log
File 345 vssadmin.exe
File 105 bcdedit.exe
File 118 sc.exe
File 95 wevtutil.exe
File 46 system.exe