Inside The World Of Ransomware
Tags
country: | Russia |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Direct Credentials - T1589.001 | Dcsync - T1003.006 | Phishing - T1660 | Phishing - T1566 | Powershell - T1059.001 | Server - T1583.004 | Server - T1584.004 | Tool - T1588.002 | Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | a9f7d378-6c0a-40fc-b171-cda32ca0d3a0 |
Fingerprint | a5ba887982059614 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Jan. 1, 2024, midnight |
Added to db | Dec. 19, 2024, 10:32 p.m. |
Last updated | Dec. 24, 2024, 2:49 p.m. |
Headline | Inside The World Of Ransomware-part 3/3: CONTI, RYUK and HIVE affiliates, the hidden link |
Title | Inside The World Of Ransomware |
Detected Hints/Tags/Attributes | 70/3/22 |
Source URLs
URL | Provider |
---|---|
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 84 | | thedfirreport.com |
Details | Domain | 285 | | blog.talosintelligence.com |
Details | File | 11 | | adf.bat |
Details | File | 17 | | ad_users.txt |
Details | File | 1 | | usersallwindows.csv |
Details | File | 2 | | dclist.txt |
Details | File | 9 | | copy.bat |
Details | File | 135 | | psexec.exe |
Details | File | 8 | | comps1.txt |
Details | File | 28 | | xxx.exe |
Details | File | 6 | | exe.bat |
Details | File | 1 | | windowstempxxx.exe |
Details | File | 5 | | wmi.bat |
Details | File | 2338 | | cmd.exe |
Details | File | 1 | | %appdata%xxx.exe |
Details | File | 1 | | fqumh.exe |
Details | File | 1 | | conti-leak-translation.html |
Details | Url | 4 | | https://thedfirreport.com/2020/10/08/ryuks-return |
Details | Url | 1 | | https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook |
Details | Url | 1 | | https://blog.talosintelligence.com/2021/09/conti-leak-translation.html |
Details | Url | 3 | | https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike |
Details | Url | 2 | | https://northwave-security.com/when-the-hackers-get-hacked-part-1-a-blog-series-unveiling-the-conti-ransomware-family |