ioc[.]one - OSINT Cyber Threat Intelligence Database

Sage Ransomware Campaign

Tags

attack-pattern:

Data Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	9d5733d8-0df8-4be8-a15b-3175fc84c8d0
Fingerprint	f75326fd30a6ae0f
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 20, 2017, 8:09 p.m.
Added to db	Jan. 18, 2023, 9:23 p.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	NetWitness Community
Title	Sage Ransomware Campaign
Detected Hints/Tags/Attributes	30/1/62

Source URLs

	Redirection	Url
Details	Source	https://community.rsa.com/community/products/netwitness/blog/2017/10/20/new-sage-ransomware-campaign

URL Provider

Details	Provider	Source level domain
Details	rsa.com	community.rsa.com

Attributes

Details	Type	#Events	Value
Details	Domain	13	hybrid-analysis.com
Details	File	1	31119.doc
Details	sha256	1	274d7b79f5e9645c1192b8b9cbbfea851eb1704b531e68b6f864163abe1caee2
Details	sha256	1	7dd90e639ffd672072eae5d050d15612e436f34842de8ecb404ccf927bda0957
Details	sha256	1	58082d7a63df4293a22857ce33cff839cb8b6f9466eb32768cef7c9f354bd951
Details	sha256	1	c2ed3b0d50459a3cc715de6c73015f002b87ce46a7f436b7cc492366ca11f498
Details	sha256	1	c7cdd0f0f43b86f47e9d028627923a346a47dd2bccf036fdf6d4dedba8acc03a
Details	sha256	1	7256bbcf4f1050f49d892d40cd8b52f2e8de5b987840a5b484beb1e66d7a509b
Details	sha256	1	4c0207af91ae4160c422d7e316e814d5631661f2c9dc7bb9df21a0fb48c0a71b
Details	sha256	1	7e42322134c241490cc2c4fdaa4c980fd365374ea704d6a91617719ddf1c79e0
Details	sha256	1	e2eabf1c99c7d359b03b79c6f022d99e6e38577358eb7f33ca4e0a54936ec3e9
Details	sha256	1	6d330792ae0a0f1e59696dc2bb7316c21fea4661d3054af6adca535f8e0279a2
Details	sha256	1	9a447796eb2248134e06bf51f747b439221f87d14144a4f562f256f46ee2f5dc
Details	sha256	1	25eec5ca8ffe1befcb946df90efac6de4e8d95ec1c1eccbc08a6d841d2df90f4
Details	sha256	1	f1a72a50b3bf1d2c54a00192581a42656ab04aae52c44a0257663f147c81bb0c
Details	sha256	1	773b7c6a0f4ecfdc2be76523407297f14b535edf4ea6d61b695a81cc1a2ba71f
Details	sha256	1	31c2272c8cfc19b86ef0284c697337da944c389499426de7f3aed42a994fe454
Details	sha256	1	063de7be700f6e07690446b0a96c6abfcec5f4ce35fbddede606a05e13a9f6b5
Details	sha256	1	b0140c6f1ca5acad0c27b7fe32e8585bd263b3c7eda60a9c8af3b3f730993ddc
Details	sha256	1	47c9ea2259b47c7db9bb59f909ab7512843841f2317cf461a6ebb9adb46ca6ee
Details	sha256	1	9f004a50d6430155d120bb9085ed243153ba1c787fa39cdbe938cab243b067e5
Details	sha256	1	9fad95c40b8240145b1e5222f245cf5d72647e91b1ced0992128d76d9fb1bf41
Details	sha256	1	7703541357104e4e8ddb5e3e236f18f2edbc52833e918ed52af1fb2bb807f5e6
Details	sha256	1	8c66095047f58b334064d350667326b61930ac0223adb39d4c2220f89129e66a
Details	sha256	1	216efe9357dbd9d692ce05a1d979308765d4c3af53c517b3e948d37f08b757b6
Details	sha256	1	7ca4f9cd2f4cc01c6148a0d349938b5a9835378ec4947f02af67a53cbf40a87e
Details	sha256	1	149adaeda8b6d891f60350d6155eaa268bf058c0ed38e06a536cf24455d3cc98
Details	sha256	1	2727a8727557f65c1650c2262b5fb4b4d48b847c5165d768e90af327dfbd1755
Details	sha256	1	0daf7b17550da58f9b3ba07a85f6e186137143addfe049e35debd09c99db53fb
Details	sha256	1	45b6403cdd91f73171a4f35065a2e8b28cb03182477d70c7c8bac9e190e0e051
Details	sha256	1	e9040610f48117f0e4cd6114a5a6ff54781cb9439ef1d8d5e0543b4ed34e595f
Details	sha256	1	e0b453143994314bab03c94c9344b0eaa53a466bb793c27277bc4f129e9c8422
Details	sha256	1	43dbbc9e7bb826932b2242e3f7e5f378e0a866727d606616369c3e668874c4df
Details	sha256	1	8daf66ea9005f2a651ffd03a7b2c0d23612946330578239beb863f4c6f3a3ddb
Details	sha256	1	db218309da397d978722a990674168a359e1ad5118fb1b2cad0108e75abfe3cb
Details	sha256	1	56bc350e23bba845d247fb0e276cf92792269f7d564d0a703f56552794f95ea5
Details	sha256	1	a5e43b1519b231a5fe102a259f497ddb914aab63c1208afe96d9023dd140b778
Details	sha256	1	c9b301c9bc45966885bd62d3d93addad9cc12386c1832121c64cb7a1dab86f02
Details	sha256	1	a43b418e168e5802bc7f01eed1600517c812b946ef1b106227519dcf1f7daa6f
Details	sha256	1	d87f31c39b7b0109f8c6e7ce540365adcecec3a28e557becb0649ab977ae8d8c
Details	sha256	1	23a83b57bce9910ecac56869f4cbf8df4f6098019f5489c972a9bdcfdcf37192
Details	sha256	1	1178fcc82a63b9e2795f9371fc951a03255c8fcd2e073fd9a0a981cec91b6657
Details	sha256	1	895b74a6f511b4ea6b506e481e9b53e06c6b8241331af2bc809b3431d62df2fc
Details	sha256	1	74ee87ac9f148d1f63f70deb854b70e7085a35b6606c4ed88a5421e141816247
Details	sha256	1	b23b7be8a8c68efa5383846f09564da83b250bc4422911fcb6a09690cdaf634a
Details	sha256	1	3036029b079f4628452cec4de9fc2e1c58f5db61b872a4b1fa8a4cf34cbe503d
Details	sha256	1	b216b77ce9d3f8dabc110e046a8e9fb21ea16b48e16d31405609d1fa806fff42
Details	sha256	1	71ab6b255621bedb8f7f30c2abdaa87b65057364ea4626d43cbb513c30e9205a
Details	sha256	1	dacb4d816a1c47bc60c03127de674e45ce2951fa46a21c978bd9340c8be6068b
Details	sha256	1	183a31aedf13df11a6c1d7bcf8b8a8efa5d8fb91c5c5c6a35f3cbf439bf61b03
Details	sha256	1	34de727c753aec40af9e8201116ade27f52e24cd7d228f56d48935672b3606dc
Details	sha256	1	ea3e84e499373f8044b013a2d844605ff1460b20a24e5ad9ffb161d310a142ce
Details	sha256	1	1b9973b12c1b3dc87903ed62eb271804df543df063e1214469fc2bb0e6dc657e
Details	sha256	1	96801c5f7bf6751622b42cd5ad6abd114eff276437e6873aedaacd3c5e6d62d3
Details	sha256	1	c31ebfbdbb676fd2def375aea3cde05f9b4ac71058cd88eba7ff1009c1d05efb
Details	sha256	1	62bc59d787dc76471ed07c6a04f25aa76e98033ba2cd37134d1f6f248c338dc5
Details	sha256	1	3c098a2c6a471cecaa768edd01309d47a6b4a8725e0b4ba3d0f5668d1318586c
Details	sha256	1	f028edcbac147e401699ac8c129d46b0fb2c2d3e0af089616e324230024361de
Details	sha256	1	c1aa68e448657911273a98e6492a425b8341650541ff3857ecfc303cab09c779
Details	sha256	1	0ddc0f51f16a49c6ea129b63eecbd2001ddcaac050f595fca5eede491f7a7693
Details	sha256	1	ee9714df6487b57dd0ee6a108f5ad01dc617b8d6d03c8e05854dbec8f4803d2b
Details	Threat Actor Identifier - APT	297	APT27