CACTUS ransomware | Cyber Threat Intelligence | Kroll
Tags
cmtmf-attack-pattern:
  Command And Scripting Interpreter
  Exploit Public-Facing Application
  Obfuscated Files Or Information
  System Network Connections Discovery
attack-pattern:
  Data
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Credentials From Web Browsers - T1555.003
  Credentials From Web Browsers - T1503
  Data Encrypted For Impact - T1471
  Data Encrypted For Impact - T1486
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Domain Account - T1087.002
  Domain Account - T1136.002
  Exfiltration To Cloud Storage - T1567.002
  Exploit Public-Facing Application - T1377
  Ip Addresses - T1590.005
  Junk Data - T1001.001
  Lateral Tool Transfer - T1570
  System Network Connections Discovery - T1421
  Malware - T1587.001
  Malware - T1588.001
  Obfuscated Files Or Information - T1406
  Msiexec - T1218.007
  Multi-Factor Authentication - T1556.006
  Password Managers - T1555.005
  Powershell - T1059.001
  Python - T1059.006
  Remote Access Software - T1663
  Remote Desktop Protocol - T1021.001
  Scheduled Task - T1053.005
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Software Packing - T1027.002
  Software Packing - T1406.002
  Ssh - T1021.004
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Account Discovery - T1087
  Automated Collection - T1119
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Create Account - T1136
  Credential Dumping - T1003
  Exploit Public-Facing Application - T1190
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Remote Access Tools - T1219
  Remote Desktop Protocol - T1076
  Remote System Discovery - T1018
  Scheduled Task - T1053
  Third-Party Software - T1072
  Software Packing - T1045
  System Network Connections Discovery - T1049
  Automated Collection
  Exploit Public-Facing Application
  Remote System Discovery
Common Information
Type Value
UUID a08073db-8236-4e67-b71a-011a284f1597
Fingerprint a4610c136d3b96ee
Analysis status DONE
Considered CTI value 2
Text language
Published May 10, 2023, midnight
Added to db June 1, 2023, 10:58 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline CACTUS Ransomware: Prickly New Variant Evades Detection
Title CACTUS ransomware | Cyber Threat Intelligence | Kroll
Detected Hints/Tags/Attributes 139/2/66
Attributes
Type                      #Events  Value
Domain                         10  decode.py
Domain                         54  re.search
Domain                          1  extracted.group
File                          193  ntuser.dat
File                          367  readme.txt
File                          249  schtasks.exe
File                            1  %programdata%\sshd\sshd.exe
File                            1  %programdata%\sshd\ssh.exe
File                           51  install.bat
File                           15  ips.txt
File                           41  users.txt
File                            1  c:\users\public\ad.txt
File                            2  psnmap.ps1
File                          269  msiexec.exe
File                            1  c:\windows\best_uninstalltool.exe
File                            1  c:\windows\f2.bat
File                            2  f1.bat
File                            6  totalexec.ps1
File                            2  f2.bat
File                         1208  powershell.exe
File                            1  c:\windows\f1.bat
File                           38  7.exe
File                            1  c:\windows\7.exe
File                            1  c:\windows\ .7z
File                            1  c:\windows\ .exe
File                            1  a12b-e4fg-c12g-zkc2.exe
File                            1  c:\programdata\abc1-d2ef-gh3i-4jkl.exe
File                            9  c:\programdata\ntuser.dat
File                           10  decode.py
File                           39  anydesk.exe
File                            1  psnb.ps1
File                          137  conhost.exe
md5                             1  d9f15227fefb98ba69d98542fbe7e568
md5                             1  3adc612b769a2b1d08b50b1fb5783bcf
md5                             1  be7b13aee7b510b052d023dd936dc32f
md5                             1  26f3a62d205004fbc9c76330c1c71536
md5                             1  d5e5980feb1906d85fbd2a5f2165baf7
md5                             1  78aea93137be5f10e9281dd578a3ba73
IPv4                         1441  127.0.0.1
IPv4                            2  163.123.142.213
MITRE ATT&CK Techniques       542  T1190
MITRE ATT&CK Techniques        59  T1021.004
MITRE ATT&CK Techniques       275  T1053.005
MITRE ATT&CK Techniques       119  T1049
MITRE ATT&CK Techniques        99  T1087.002
MITRE ATT&CK Techniques       243  T1018
MITRE ATT&CK Techniques       179  T1087
MITRE ATT&CK Techniques       141  T1219
MITRE ATT&CK Techniques       152  T1090
MITRE ATT&CK Techniques       298  T1562.001
MITRE ATT&CK Techniques        86  T1136
MITRE ATT&CK Techniques       125  T1555.003
MITRE ATT&CK Techniques       289  T1003
MITRE ATT&CK Techniques       160  T1021.001
MITRE ATT&CK Techniques        50  T1072
MITRE ATT&CK Techniques       100  T1567.002
MITRE ATT&CK Techniques       160  T1027.002
MITRE ATT&CK Techniques       472  T1486
MITRE ATT&CK Techniques       627  T1027
MITRE ATT&CK Techniques       118  T1570
MITRE ATT&CK Techniques       695  T1059
MITRE ATT&CK Techniques       111  T1119
Windows Registry Key          164  HKLM\SOFTWARE\Microsoft\Windows
Windows Registry Key           98  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Windows Registry Key           49  HKLM\Software\Microsoft\Windows
Windows Registry Key            6  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
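The attribute listing above is a flat export, and its #Events column already says which entries can carry a hunt on their own: 127.0.0.1 (1441 events), powershell.exe (1208) and conhost.exe (137) recur across the whole corpus, while %programdata%\sshd\sshd.exe, the RunOnce key and the six MD5s are specific to this report. The script below is an added example, not code from Kroll or from this platform. It parses an excerpt of the rows above in their flattened "Details <Type> <#Events>" / value form, normalizes Windows paths, matches the indicators against a few constructed Sysmon-style events, and labels each match strong or weak by the corpus count. The NOISE_THRESHOLD of 500 events, the expansion of %programdata% to C:\ProgramData, and the event field names (image, md5, dst_ip, reg_key) are assumptions chosen for the example. The three Domain rows (decode.py, re.search, extracted.group) are Python expressions from the decode script rather than hostnames, so the excerpt leaves them out.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the attribute rows above, in the page's own flattened
# form: a "Details <Type> <#Events>" line followed by the value on its own line.
LISTING = """\
Details File 1
%programdata%\\sshd\\sshd.exe
Details File 249
schtasks.exe
Details File 1208
powershell.exe
Details md5 1
d9f15227fefb98ba69d98542fbe7e568
Details IPv4 1441
127.0.0.1
Details IPv4 2
163.123.142.213
Details Windows Registry Key 6
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
Details MITRE ATT&CK Techniques 275
T1053.005
"""

# Assumption for this example: an indicator seen in this many corpus events is too
# generic to stand alone (the page shows 127.0.0.1 at 1441 and powershell.exe at 1208).
NOISE_THRESHOLD = 500

# Header row: optional "Details" link text, a type that may contain spaces, then the count.
ROW_RE = re.compile(r"^(?:Details\s+)?(?P<type>.+?)\s+(?P<events>\d+)$")


@dataclass(frozen=True)
class Ioc:
    type: str
    value: str
    events: int

    @property
    def noisy(self) -> bool:
        return self.events >= NOISE_THRESHOLD


def parse_listing(text: str) -> list[Ioc]:
    """Turn the flattened header/value line pairs into typed indicators."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    iocs, i = [], 0
    while i + 1 < len(lines):
        m = ROW_RE.match(lines[i])
        if m is None:  # stray line that is not a "<Type> <#Events>" header
            i += 1
            continue
        iocs.append(Ioc(m["type"], lines[i + 1], int(m["events"])))
        i += 2
    return iocs


def norm_path(p: str) -> str:
    # Case-fold, unify separators, expand %programdata% (assumed to be C:\ProgramData).
    return p.lower().replace("/", "\\").replace("%programdata%", r"c:\programdata")


def match_events(iocs: list[Ioc], events: list[dict]) -> list[tuple]:
    """Return (event id, ioc type, ioc value, 'strong'|'weak') for every match."""
    hits = []
    for ev in events:
        image = norm_path(ev.get("image", ""))
        basename = image.rsplit("\\", 1)[-1]
        for ioc in iocs:
            if ioc.type == "File":
                # A value with a directory must match the whole image path; a bare name matches the basename.
                want = norm_path(ioc.value)
                hit = image == want if "\\" in want else basename == want
            elif ioc.type == "md5":
                hit = ev.get("md5", "").lower() == ioc.value.lower()
            elif ioc.type == "IPv4":
                hit = ev.get("dst_ip") == ioc.value
            elif ioc.type == "Windows Registry Key":
                hit = norm_path(ev.get("reg_key", "")).startswith(norm_path(ioc.value))
            else:  # ATT&CK technique tags are not host observables
                hit = False
            if hit:
                hits.append((ev["id"], ioc.type, ioc.value, "weak" if ioc.noisy else "strong"))
    return hits


def strong_hits(hits: list[tuple]) -> list[tuple]:
    # Matches to triage first: specific indicators rather than corpus-wide noise.
    return [h for h in hits if h[3] == "strong"]


# Constructed Sysmon-style events: process image, file hash, destination IP, registry target.
EVENTS = [
    {"id": 1, "image": r"C:\ProgramData\sshd\sshd.exe", "md5": "D9F15227FEFB98BA69D98542FBE7E568"},
    {"id": 2, "image": r"C:\Windows\System32\schtasks.exe"},
    {"id": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "dst_ip": "127.0.0.1"},
    {"id": 4, "image": r"C:\Windows\System32\svchost.exe", "dst_ip": "163.123.142.213"},
    {"id": 5, "image": r"C:\Windows\regedit.exe", "reg_key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sshd"},
]
```

Calling `match_events(parse_listing(LISTING), EVENTS)` on the constructed events yields seven matches, of which only two (powershell.exe and 127.0.0.1 on event 3) are weak; the sshd.exe path plus its MD5 on event 1, the external IP on event 4 and the RunOnce write on event 5 are the ones worth pivoting on. The technique row (T1053.005) parses but never matches, since it is a tag for the behaviour rather than an observable.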