Color by numbers: inside a Dharma ransomware-as-a-service attack
Common Information
Type | Value
UUID | 9dfe2c95-b7c2-4e42-aeb4-279cf272c0ac
Fingerprint | ace2ac415641a54e
Analysis status | DONE
Considered CTI value | 0
Text language |
Published | Aug. 12, 2020, 12:30 p.m.
Added to db | Sept. 11, 2022, 12:42 p.m.
Last updated | Nov. 17, 2024, 6:55 p.m.
Headline Color by numbers: inside a Dharma ransomware-as-a-service attack
Title Color by numbers: inside a Dharma ransomware-as-a-service attack
Detected Hints/Tags/Attributes 86/3/53
Attributes
Type | Value | #Events | CTI Value
CVE | cve-2018-8120 | 32 |
Domain | dropmefiles.com | 10 |
Domain | api.ipify.org | 129 |
Domain | checkip.dyndns.org | 47 |
Domain | www.myexternalip.com | 14 |
Domain | bot.whatismyipaddress.com | 6 |
Domain | lbru4v4.zip | 1 |
File | toolbelt.ps1 | 1 |
File | start-tor.ps1 | 1 |
File | email-screenshot.ps1 | 1 |
File | lapass.ps1 | 1 |
File | lubrute.ps1 | 1 |
File | find-pass.ps1 | 1 |
File | lazagne.exe | 16 |
File | delete-avservices.ps1 | 1 |
File | disable-windefend.ps1 | 1 |
File | purgememory.ps1 | 1 |
File | takeaway.exe | 1 |
File | winhost.exe | 11 |
File | winhostok.ps1 | 1 |
File | javsecc.exe | 1 |
File | tor.exe | 33 |
File | netpc.ps1 | 1 |
File | netsubpc.ps1 | 1 |
File | mstsc.exe | 74 |
File | ns2.exe | 2 |
File | ipscan2.exe | 1 |
File | netadpc.ps1 | 1 |
File | adbrute.ps1 | 1 |
File | 2sys.ps1 | 3 |
File | rdclip.exe | 2 |
File | clearlock.exe | 1 |
File | wallet.ps1 | 1 |
File | addsupport.bat | 1 |
File | x86.exe | 11 |
File | x64.exe | 13 |
File | toolbelt1.ps1 | 1 |
File | asadmin.bat | 1 |
File | javsec.exe | 1 |
File | mimikatz.exe | 76 |
File | postgresqlapi.exe | 1 |
File | lbru4v4.zip | 1 |
File | gethosts.ps1 | 1 |
File | sample.ps1 | 1 |
File | powershell.exe | 1208 |
File | cmd.exe | 2125 |
File | gamer.exe | 1 |
File | 39-setup.exe | 7 |
File | processhacker.exe | 56 |
Url | https://api.ipify.org | 26 |
Url | http://checkip.dyndns.org | 4 |
Url | http://www.myexternalip.com/raw | 1 |
Url | http://bot.whatismyipaddress.com | 4 |