Tales of Ransomwares 2021
Tags
cmtmf-attack-pattern: Application Layer Protocol Command And Scripting Interpreter Scheduled Task/Job
country: France
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Model Application Layer Protocol - T1437 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Domain Accounts - T1078.002 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 Exploitation For Privilege Escalation - T1404 Impair Defenses - T1562 Impair Defenses - T1629 Lateral Tool Transfer - T1570 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Regsvr32 - T1218.010 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Service Execution - T1569.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 System Services - T1569 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Windows Service - T1543.003 Trap - T1546.005 Tool - T1588.002 Vulnerabilities - T1588.006 Standard Application Layer Protocol - T1071 Bits Jobs - T1197 Command-Line Interface - T1059 Credential Dumping - T1003 Exploit Public-Facing Application - T1190 Exploitation For Privilege Escalation - T1068 External Remote Services - T1133 Powershell - T1086 Regsvr32 - T1117 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote Services - T1021 Rundll32 - T1085 Scheduled Task - T1053 Service Execution - T1035 Valid Accounts - T1078 Trap - T1154 Denial Of Service External Remote Services Valid Accounts
Common Information
Type Value
UUID 9c18c43a-4a14-42d9-beb3-41b9deb877f0
Fingerprint ac30c1518c21dee5
Analysis status DONE
Considered CTI value 2
Text language
Published March 25, 2022, 2:39 p.m.
Added to db Nov. 29, 2022, 10:12 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Tales of Ransomwares 2021
Title Tales of Ransomwares 2021
Detected Hints/Tags/Attributes 203/4/125
RSS Feed
Id   Enabled  Feed title                 Url                              Added to db
322           Cybersécurité – INTRINSEC  https://www.intrinsec.com/feed/  2024-08-30 22:08
Attributes
Type                     #Events  Attribute
CVE                      168      cve-2021-34473
CVE                      142      cve-2021-34523
CVE                      143      cve-2021-31207
CVE                      150      cve-2018-13379
CVE                      7        cve-2020-15069
CVE                      24       cve-2021-20016
CVE                      11       cve-2020-5135
CVE                      161      cve-2019-19781
CVE                      217      cve-2020-1472
CVE                      184      cve-2021-26855
CVE                      126      cve-2021-27065
Domain                   11       xxx.com
Domain                   1        connect.ed-diamond.com
Domain                   4        jpcertcc.github.io
Domain                   4127     github.com
Domain                   452      msrc.microsoft.com
Domain                   65       www.cert.ssi.gouv.fr
Domain                   65       www.fortiguard.com
Domain                   132      www.sophos.com
Domain                   32       support.citrix.com
Domain                   28       psirt.global.sonicwall.com
Domain                   281      docs.microsoft.com
Domain                   3        blog.orange.tw
Domain                   19       cyberint.com
Domain                   49       home.treasury.gov
Domain                   641      nvd.nist.gov
Email                    1        admin@xxx.com
File                     1        hfrftvxjxbkuyene.aspx
File                     1        xxx.vb
File                     409      c:\windows\system32\cmd.exe
File                     1208     powershell.exe
File                     478      lsass.exe
File                     3        grabff.exe
File                     1        grabchrome.exe
File                     1        c:\perflogs\kavremvr.exe
File                     53       adfind.exe
File                     16       ad_users.txt
File                     16       ad_computers.txt
File                     12       ad_ous.txt
File                     7        ad_subnets.txt
File                     12       ad_group.txt
File                     6        ad_trustdmp.txt
File                     38       7.exe
File                     7        ad.7z
File                     1        psexec.htm
File                     7        7zip.exe
File                     2        mstc.exe
File                     46       system.exe
File                     175      update.exe
File                     3        c:\windows\system.exe
File                     3        connection_trace.txt
File                     1        _logfile.log
File                     6        sv.exe
File                     1122     svchost.exe
File                     345      vssadmin.exe
File                     1        c:\perflogs\a.txt
File                     1        c:\perflogs\xxx.dll
File                     2        xxx.dll
File                     1        c:\users\public\xxx.dll
File                     2        c:\windows\temp\log.dat
File                     6        xxx.txt
File                     2125     cmd.exe
File                     24       xxx.exe
File                     3        %appdata%\xxx.exe
File                     1        xxx.ps1
File                     1        c:\windows\xxx.dll
File                     1        list_xxx.txt
File                     122      psexec.exe
File                     2        c:\windows\temp\xxx.exe
File                     141      www.cer
File                     11       4.pdf
File                     1        attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
File                     3        ofac_ransomware_advisory_10012020_1.pdf
Github username          2        ginuerzh
IPv4                     619      0.0.0.0
IPv4                     1441     127.0.0.1
MITRE ATT&CK Techniques  306      T1078
MITRE ATT&CK Techniques  472      T1486
MITRE ATT&CK Techniques  160      T1021.001
MITRE ATT&CK Techniques  71       T1078.002
MITRE ATT&CK Techniques  460      T1059.001
MITRE ATT&CK Techniques  542      T1190
MITRE ATT&CK Techniques  298      T1562.001
MITRE ATT&CK Techniques  333      T1059.003
MITRE ATT&CK Techniques  118      T1570
MITRE ATT&CK Techniques  442      T1071.001
MITRE ATT&CK Techniques  174      T1569.002
MITRE ATT&CK Techniques  208      T1068
MITRE ATT&CK Techniques  139      T1021.002
MITRE ATT&CK Techniques  180      T1543.003
MITRE ATT&CK Techniques  191      T1133
MITRE ATT&CK Techniques  141      T1219
MITRE ATT&CK Techniques  100      T1567.002
MITRE ATT&CK Techniques  275      T1053.005
Url                      1        https://connect.ed-diamond.com/misc/misc-091/detecter-la-persistance-wmi
Url                      1        https://jpcertcc.github.io/toolanalysisresultsheet/details/psexec.htm
Url                      2        https://github.com/ginuerzh/gost
Url                      3        https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-26855
Url                      1        https://www.cert.ssi.gouv.fr/uploads/anssi_top-10-edition-2022_np_v1.0.4.pdf
Url                      1        https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-27065
Url                      1        https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34473
Url                      1        https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34523
Url                      1        https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31207
Url                      1        https://www.fortiguard.com/psirt/fg-ir-18-384
Url                      1        https://www.cert.ssi.gouv.fr/alerte/certfr-2020-ale-025
Url                      1        https://www.sophos.com/fr-fr/security-advisories/sophos-sa-20200625-xg-user-portal-rce
Url                      2        https://support.citrix.com/article/ctx267679
Url                      1        https://www.cert.ssi.gouv.fr/avis/certfr-2019-avi-640
Url                      1        https://psirt.global.sonicwall.com/vuln-list
Url                      4        https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-1472
Url                      1        https://www.cert.ssi.gouv.fr/alerte/certfr-2020-ale-020
Url                      1        https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts
Url                      4        https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Url                      1        https://www.cert.ssi.gouv.fr/actualite/certfr-2021-act-035
Url                      1        https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
Url                      2        https://cyberint.com/blog/research/raccoon-stealer
Url                      3        https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf
Url                      3        https://nvd.nist.gov/vuln
Windows Registry Key     41       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key     44       HKLM\SOFTWARE\Policies\Microsoft\Windows
Windows Registry Key     164      HKLM\SOFTWARE\Microsoft\Windows
Windows Registry Key     12       HKLM\Software\Policies\Microsoft\Windows
Windows Registry Key     1        HKLM\SYSTEM\CurrentControlSet\services\WinDefend
Windows Registry Key     1        HKLM\SYSTEM\ControlSet001\Services\WdNisDrv
Windows Registry Key     1        HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv