Andariel deploys DTrack and Maui ransomware
Common Information
Type Value
UUID 9bb369af-fa62-4f9d-a5b4-5a26e73992f8
Fingerprint ac343b751c23a4cb
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 9, 2022, 10 a.m.
Added to db Sept. 11, 2022, 12:39 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Andariel deploys DTrack and Maui ransomware
Title Andariel deploys DTrack and Maui ransomware
Detected Hints/Tags/Attributes 72/2/31
RSS Feed
Id Enabled Feed title Url Added to db
223 Securelist https://securelist.com/feed/ 2024-08-30 22:08
Attributes
Type #Events Value
CVE 81 cve-2017-10271
File 1 c:\windows\temp\temp\mvhost.exe
File 409 c:\windows\system32\cmd.exe
File 1 c:\windows\temp\temp\maui.exe
File 1 c:\windows\temp\temp\bin\maui.exe
File 1 c:\windows\temp\temp\bin\maui.key
File 1 %appdata%\microsoft\mmc\dwem.cer
File 1208 powershell.exe
File 1 mini.ps1
File 63 bitsadmin.exe
File 1 dwem.cer