ioc[.]one - OSINT Cyber Threat Intelligence Database

Satan Ransomware Spawns New Methods to Spread

Tags

attack-pattern:

Data Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerability Scanning - T1595.002 Remote File Copy - T1105 Default Credentials Remote File Copy

Show in Graph

Common Information

Type	Value
UUID	afae45e5-ce10-4baa-94f4-9577e70176e7
Fingerprint	a76570301fbb8a9d
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 21, 2022, midnight
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Satan Ransomware Spawns New Methods to Spread
Title	Satan Ransomware Spawns New Methods to Spread
Detected Hints/Tags/Attributes	51/1/36

Source URLs

	Redirection	Url
Details	Source	https://www.alienvault.com/blogs/labs-research/satan-ransomware-spawns-new-methods-to-spread

URL Provider

Details	Provider	Source level domain
Details	alienvault.com	www.alienvault.com

Attributes

Details	Type	#Events	Value
Details	CVE	13	cve-2017-12149
Details	CVE	81	cve-2017-10271
Details	CVE	47	cve-2017-0143
Details	Domain	246	mail.ru
Details	Email	3	satan_pro@mail.ru
Details	File	2	sts.exe
Details	File	2	down64.dll
Details	File	226	certutil.exe
Details	File	1	clist1.jsp
Details	File	2	satan.exe
Details	File	3	token.php
Details	File	4	_how_to_decrypt_files.txt
Details	md5	1	c290cd24892905fbcf3cb39929de19a5
Details	sha256	1	3e3f8570c11dff0b5a0e061eae6bdd66cf9fa01d815658a0589d98873500358d
Details	sha256	3	15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13
Details	sha256	2	b556b5c077e38dcb65d21a707c19618d02e0a65ff3f9887323728ec078660cc3
Details	sha256	2	15292172a83f2e7f07114693ab92753ed32311dfba7d54fe36cc7229136874d9
Details	sha256	2	0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887
Details	sha256	1	93027b47ef0b6f7d933017320951bbbeef792a8f1bc43b3fe96c2b61f1dc2636
Details	sha256	2	cde45f7ff05f52b7215e4b0ea1f2f42ad9b42031e16a3be9772aa09e014bacdb
Details	sha256	31	85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5
Details	sha256	2	ca63dbb99d9da431bf23aca80dc787df67bb01104fb9358a7813ed2fce479362
Details	sha256	2	db0831e19a4e3a736ea7498dadc2d6702342f75fd8f7fbae1894ee2e9738c2b4
Details	sha256	2	aa8adf96fc5a7e249a6a487faaf0ed3e00c40259fdae11d4caf47a24a9d3aaed
Details	sha256	2	be8eb97d8171b8c91c6bc420346f7a6d2d2f76809a667ade03c990feffadaad5
Details	sha256	2	0259d41720f7084716a3b2bbe34ac6d3021224420f81a4e839b0b3401e5ef29f
Details	sha256	2	50f329e034db96ba254328cd1e0f588af6126c341ed92ddf4aeb96bc76835937
Details	sha256	2	aceb27720115a63b9d47e737fd878a61c52435ea4ec86ba8e58ee744bc85c4f3
Details	sha256	2	cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12
Details	sha256	2	b7d8fcc3fb533e5e0069e00bc5a68551479e54a990bb1b658e1bd092c0507d68
Details	sha256	2	b2a3172a1d676f00a62df376d8da805714553bb3221a8426f9823a8a5887daaa
Details	sha256	2	f0df80978b3a563077def7ba919e2f49e5883d24176e6b3371a8eef1efe2b06a
Details	sha256	2	5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee
Details	sha256	1	cf12eca0e10dc3370d7917e7678dc09629240d3e7cc71c5ac0df68576bea0682
Details	IPv4	1	45.124.132.119
Details	MITRE ATT&CK Techniques	492	T1105