McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo | McAfee Blog
Tags
country: United Arab Emirates Finland Iran Israel Oman Poland Serbia
attack-pattern: Data Model Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Hidden Users - T1564.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Password Cracking - T1110.002 Software - T1592.002 Tool - T1588.002 Brute Force - T1110 Hidden Users - T1147
Show in Graph
Common Information
Type Value
UUID 98e18547-d590-447e-8968-fd7a8461d949
Fingerprint af9199bd81f1a641
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 21, 2019, 4:01 a.m.
Added to db Nov. 6, 2023, 7:14 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
Title McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo | McAfee Blog
Detected Hints/Tags/Attributes 73/2/12
Source URLs
Redirection Url
Details Source https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
Details Source https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
URL Provider
Details Provider Source level domain
Details mcafee.com securingtomorrow.mcafee.com
Details mcafee.com www.mcafee.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 333 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
picofile.com
Details Domain 1 
soft98.ir
Details Domain 18 
nomoreransom.org
Details File 1 
uax291-readme.txt
Details File 50 
a.exe
Details File 17 
everything.exe
Details File 77 
mimikatz.exe
Details File 1 
کرک.zip
Details File 1 
hidden-user.bat
Details sha1 1 
8d7d333574708c2fe5c37fad1bdfbc5a9664b33d
Details sha1 1 
a3769a6748ba5d8023bcb161a5274e24d419bd36
Details sha1 1 
bbabc23525b3852d463ef17ba7b8a2cab831e2b9