A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) – CYBER GEEKS
Tags
| Key | Value |
|---|---|
| country | Russia |
| attack-pattern | Data Domains - T1583.001; Domains - T1584.001; Impersonation - T1656; Malware - T1587.001; Malware - T1588.001; Server - T1583.004; Server - T1584.004; Software - T1592.002 |
Common Information
Type | Value |
---|---|
UUID | a4f955be-0f41-4e58-bd80-cd949c742203 |
Fingerprint | af223911a4a58081 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 14, 2021, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Nov. 17, 2024, 11:40 p.m. |
Headline | A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) |
Title | A step-by-step analysis of a new version of Darkside Ransomware (v. 2.1.2.3) – CYBER GEEKS |
Detected Hints/Tags/Attributes | 64/2/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 219 | | gist.github.com |
| Details | Domain | 1 | | forum.powerbasic.com |
| Details | Domain | 2 | | baroquetees.com |
| Details | Domain | 2 | | rumahsia.com |
| Details | Domain | 281 | | docs.microsoft.com |
| Details | Domain | 4128 | | github.com |
| Details | Domain | 14 | | chuongdong.com |
| Details | File | 748 | | kernel32.dll |
| Details | File | 1 | | shining-a-light-on-darkside-ransomware-operations.html |
| Details | Github username | 4 | | api0cradle |
| Details | Github username | 21 | | fireeye |
| Details | md5 | 1 | | d4aaef39db0d845627d819b2b6b30512 |
| Details | md5 | 1 | | 4787658f1cc4202b8a15e05dd0323fde |
| Details | sha256 | 4 | | 0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9 |
| Details | IPv4 | 8 | | 2.1.2.3 |
| Details | IPv4 | 1 | | 1.8.6.2 |
| Details | Url | 1 | | https://www.zdnet.com/article/darkside-the-ransomware-group-responsible-for-colonial-pipeline-cyberattack-explained/. |
| Details | Url | 1 | | https://gist.github.com/api0cradle/d4aaef39db0d845627d819b2b6b30512. |
| Details | Url | 1 | | https://forum.powerbasic.com/forum/user-to-user-discussions/source-code/25222-wmi-wrapper-functions |
| Details | Url | 1 | | https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wmi/3485541f-6950-4e6d-98cb-1ed4bb143441 |
| Details | Url | 9 | | https://docs.microsoft.com/en-us/windows/win32/api |
| Details | Url | 4 | | https://github.com/fireeye/flare-fakenet-ng |
| Details | Url | 6 | | https://chuongdong.com/reverse |
| Details | Url | 1 | | https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html |
| Details | Url | 1 | | https://gist.github.com/api0cradle/d4aaef39db0d845627d819b2b6b30512 |