瞄准国内政企!深度揭秘的勒索软件运营商 Rast gang
Tags
| maec-delivery-vectors: | Watering Hole |
Common Information
| Type | Value |
|---|---|
| UUID | 99657126-e7d9-4b0f-bba3-690921d79ce0 |
| Fingerprint | 53d6b6d8900a663d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 25, 2024, midnight |
| Added to db | Sept. 25, 2024, 2:49 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 瞄准国内政企!深度揭秘的勒索软件运营商 Rast gang |
| Title | 瞄准国内政企!深度揭秘的勒索软件运营商 Rast gang |
| Detected Hints/Tags/Attributes | 18/1/41 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 267 | ✔ | 奇安信威胁情报中心 | https://wechat2rss.xlab.app/feed/b93962f981247c0091dad08df5b7a6864ab888e9.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 8 | waifu.club |
|
| Details | Domain | 84 | airmail.cc |
|
| Details | Domain | 144 | cock.li |
|
| Details | Domain | 39 | email.com |
|
| Details | 3 | backup@waifu.club |
||
| Details | 2 | basedata@airmail.cc |
||
| Details | 2 | bitcloud@cock.li |
||
| Details | 2 | dataserver@airmail.cc |
||
| Details | 2 | fat32@airmail.cc |
||
| Details | 6 | hashtreep@waifu.club |
||
| Details | 2 | hoeosi@airmail.cc |
||
| Details | 5 | myfile@waifu.club |
||
| Details | 2 | qyxugani@airmail.cc |
||
| Details | 6 | rast@airmail.cc |
||
| Details | 2 | user1@email.com |
||
| Details | File | 2 | %userprofile%\documents\zapp.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 2 | %userprofile%\documents\revouninprosetup.exe |
|
| Details | File | 2 | %userprofile%\documents\mimik\mimik\mimik\x64\mimik.exe |
|
| Details | File | 32 | result.txt |
|
| Details | File | 2 | %userprofile%\documents\netscanold\netscanold.exe |
|
| Details | File | 2 | kportscan3.exe |
|
| Details | File | 2 | %userprofile%\documents\runtime.exe |
|
| Details | File | 2 | %userprofile%\documents\netpass64.exe |
|
| Details | File | 2 | %userprofile%\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe |
|
| Details | File | 2 | %userprofile%\documents\cryp.exe |
|
| Details | File | 2 | %userprofile%\documents\svhost.exe |
|
| Details | File | 2 | %userprofile%\documents\recovery.exe |
|
| Details | File | 9 | recovery.exe |
|
| Details | md5 | 3 | 6966d86f2bc4bbc5a3ea002baf4c5b4a |
|
| Details | md5 | 3 | a02622dd81e76d917f857df0c765fb1a |
|
| Details | md5 | 6 | bb7c575e798ff5243b5014777253635d |
|
| Details | md5 | 3 | c0a8af17a2912a08a20d65fe85191c28 |
|
| Details | md5 | 3 | e96dc82b080bc4c229cc5c049c0a187b |
|
| Details | md5 | 3 | b53f2c089d4a856f72b98564afd30aaf |
|
| Details | md5 | 3 | 9e1108f9808a4a117d15c4afe0472061 |
|
| Details | md5 | 3 | 673630ad8254a52b7eb9897518129aeb |
|
| Details | md5 | 3 | e3d2e511a9a783f6ff3c25e305821be7 |
|
| Details | md5 | 3 | 4680edef53618e2dbda7832492ede62e |
|
| Details | IPv4 | 3 | 94.232.249.179 |
|
| Details | IPv4 | 3 | 179.43.172.241 |