ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Brief: Kaseya VSA Ransomware Attack

Tags

attack-pattern:

Malware - T1587.001 Malware - T1588.001 Social Media - T1593.001 Software - T1592.002

Show in Graph

Common Information

Type	Value
UUID	98c5b381-31a3-42e0-8862-3fbba2423a81
Fingerprint	c47f1c5ac59ca90a
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 3, 2021, 10:15 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 12, 2024, 6:45 p.m.
Headline	Threat Brief: Kaseya VSA Ransomware Attack
Title	Threat Brief: Kaseya VSA Ransomware Attack
Detected Hints/Tags/Attributes	23/1/12

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	48		agent.exe
Details	File	41		mpsvc.dll
Details	File	4		dl.asp
Details	File	2		done.asp
Details	File	3		kupload.dll
Details	File	3		userfiltertablerpt.asp
Details	sha256	10		d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e
Details	sha256	8		e2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2
Details	sha256	11		8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd
Details	IPv4	3		35.226.94.113
Details	IPv4	4		161.35.239.148
Details	IPv4	3		162.253.124.162