Inside The World Of Ransomware
Common Information
Type Value
UUID a9f7d378-6c0a-40fc-b171-cda32ca0d3a0
Fingerprint a5ba887982059614
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 1, 2024, midnight
Added to db Dec. 19, 2024, 10:32 p.m.
Last updated Dec. 24, 2024, 2:49 p.m.
Headline Inside The World Of Ransomware-part 3/3: CONTI, RYUK and HIVE affiliates, the hidden link
Title Inside The World Of Ransomware
Detected Hints/Tags/Attributes 70/3/22
Attributes
Type    #Events  CTI  Value
Domain  84            thedfirreport.com
Domain  285           blog.talosintelligence.com
File    11            adf.bat
File    17            ad_users.txt
File    1             usersallwindows.csv
File    2             dclist.txt
File    9             copy.bat
File    135           psexec.exe
File    8             comps1.txt
File    28            xxx.exe
File    6             exe.bat
File    1             windowstempxxx.exe
File    5             wmi.bat
File    2338          cmd.exe
File    1             %appdata%xxx.exe
File    1             fqumh.exe
File    1             conti-leak-translation.html
Url     4             https://thedfirreport.com/2020/10/08/ryuks-return
Url     1             https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook
Url     1             https://blog.talosintelligence.com/2021/09/conti-leak-translation.html
Url     3             https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike
Url     2             https://northwave-security.com/when-the-hackers-get-hacked-part-1-a-blog-series-unveiling-the-conti-ransomware-family