Trigona Ransomware Attackers Using Mimic Ransomware - ASEC
Common Information
Type | Value
UUID | a24d5d5a-77ee-45d4-9730-c80a22b0e852
Fingerprint | 40b32d6aea3c92b7
Analysis status | DONE
Considered CTI value | 0
Text language |
Published | Jan. 22, 2024, 3:40 a.m.
Added to db | Oct. 1, 2024, 3:41 p.m.
Last updated | Nov. 17, 2024, 6:55 p.m.
Headline | Trigona Ransomware Attackers Using Mimic Ransomware
Title | Trigona Ransomware Attackers Using Mimic Ransomware - ASEC
Detected Hints/Tags/Attributes | 26/1/30
Attributes
Type | #Events | Value
CVE | 67 | cve-2021-40539
Domain | 167 | tutanota.com
Domain | 1 | znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion
Domain | 14 | list.ru
Email | 4 | farusbig@tutanota.com
Email | 1 | getmydata@list.ru
File | 4 | everything64.dll
File | 42 | 7za.exe
File | 5 | dc.exe
File | 1 | xdel.exe
File | 4 | bcp.exe
File | 1 | fodsozkgau.txt
File | 7 | ad.exe
File | 25 | 4.exe
File | 1 | c:\programdata\pp2.exe
File | 1 | c:\programdata\fodsozkgau.txt
File | 1 | pp2.exe
File | 1 | c:\programdata\k2k.txt
File | 1 | k3k.txt
File | 1 | build.txt
File | 1 | c:\programdata\kkk.bat
File | 1 | c:\programdata\kur.bat
File | 1 | kkk.bat
File | 1 | anydesk-ad_1514b2f9.exe
File | 1 | %allusersprofile%\pp2.exe
File | 1 | c:\programdata\2k.exe
File | 1 | c:\windows\temp\windowshostservicess.exe
IPv4 | 2 | 2.57.149.233
Url | 1 | http://znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion
Windows Registry Key | 3 | HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\wdigest