SamSam Ransomware Campaigns
Common Information
Type Value
UUID 9a0e2678-6f64-4a03-94fd-24f1854ab7ae
Fingerprint bd379adb83318795
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2018, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline SamSam Ransomware Campaigns
Title SamSam Ransomware Campaigns
Detected Hints/Tags/Attributes 125/2/43
Attributes
Type #Events CTI Value
Domain 1 bitref.com
Domain 8 www.alienvault.com
Domain 19 motherboard.vice.com
Domain 122 www.kaspersky.com
Domain 212 technet.microsoft.com
Domain 98 www.secureworks.com
Domain 261 blog.talosintelligence.com
File 12 del.exe
File 2 delfiletype.exe
File 3 selfdel.exe
File 14 csvde.exe
File 2 jbossass.jsp
File 1208 powershell.exe
File 27 invoke-mimikatz.ps1
File 2 ok.txt
File 1 m64.log
File 1 character2.exe
File 2125 cmd.exe
File 1 c:\windows\system32\character2.exe
File 1 _publickey.key
File 5 nlbrute.exe
File 1 r45.exe
File 6 bb897553.aspx
File 1 samsam-evolution-continues-netting-over.html
Url 3 https://raw.githubusercontent.com/mattifestation/powersploit/master/exfiltration/invoke-mimikatz.ps1
Url 1 https://www.alienvault.com/blogs/labs-research/samsam-ransomware-targeted-attacks-continue
Url 1 https://community.rsa.com/community/products/netwitness/blog/2016/04/18/held-for-ransom-a-case-study-of-a-recent-ransomware-attack
Url 1 https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-hospitals-city-councils-ics-firms
Url 1 https://motherboard.vice.com/en_us/article/ezpzpe/the-spreading-epidemic-of-hospital-ransomware
Url 1 https://www.kaspersky.com/blog/xdedic/5648
Url 1 https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Url 1 https://www.secureworks.com/blog/ransomware-deployed-by-adversary
Url 1 https://www.secureworks.com/blog/samas-ransomware
Url 1 http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html