Lock5 (Medusa Ransomware)
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Masquerading Obfuscated Files Or Information Scheduled Task/Job
attack-pattern: Software Discovery - T1418 Boot Or Logon Autostart Execution - T1547 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 Application Window Discovery - T1010 File System Logical Offsets - T1006 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Masquerading - T1036 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Security Software Discovery - T1063 Software Packing - T1045 System Information Discovery - T1082 Masquerading
Show in Graph
Common Information
Type Value
UUID bcc8c98c-0c30-457e-9765-cd31f5cf2c99
Fingerprint 7a0818f90ff5d47a
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 12, 2024, 10:26 a.m.
Added to db Nov. 12, 2024, 11:54 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Lock5 (Medusa Ransomware)
Title Lock5 (Medusa Ransomware)
Detected Hints/Tags/Attributes 59/2/35
Source URLs
Redirection Url
Details Redirection https://sdsec12.com/lock5-medusa-ransomware-bb09bbac457c?source=rss------cybersecurity-5
Details Redirection https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fsdsec12.com%2Flock5-medusa-ransomware-bb09bbac457c%3Fsource%3Drss------cybersecurity-5
Details Source https://sdsec12.com/lock5-medusa-ransomware-bb09bbac457c?gi=bcbc9f30e97e&source=rss------cybersecurity-5
Details Redirection https://medium.com/@sdsec12/lock5-medusa-ransomware-bb09bbac457c?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Details sdsec12.com sdsec12.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 5 
task.name
Details File 3 
how_to_back_files.txt
Details File 62 
sqlbrowser.exe
Details File 1 
writer.exe
Details File 5 
sqlserv.exe
Details File 10 
msmdsrv.exe
Details File 10 
msdtssrvr.exe
Details File 12 
sqlceip.exe
Details File 18 
fdlauncher.exe
Details File 8 
ssms.exe
Details File 58 
sqlagent.exe
Details File 20 
fdhost.exe
Details File 7 
reportingservicesservice.exe
Details File 46 
msftesql.exe
Details File 9 
pg_ctl.exe
Details File 1 
-impostgres.exe
Details File 345 
vssadmin.exe
Details File 240 
wmic.exe
Details sha256 1 
10916ae59a8f99306f1af033bb5e97df353e36be9eeaf41264a9146e56f9197e
Details sha256 1 
c9ae3a5b170375f80e1d862b3885c5e4c052c0286ae405374a09f3cd1e517d18
Details sha256 1 
a01eb04c9f8836878e64f95ed1e146a6f472643a006d991aa0b5e425da5cdbbe
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 75 
T1010
Details MITRE ATT&CK Techniques 433 
T1057
Details MITRE ATT&CK Techniques 141 
T1518.001
Details MITRE ATT&CK Techniques 12 
T1006
Details MITRE ATT&CK Techniques 627 
T1027
Details MITRE ATT&CK Techniques 160 
T1027.002
Details MITRE ATT&CK Techniques 348 
T1036
Details MITRE ATT&CK Techniques 550 
T1112
Details MITRE ATT&CK Techniques 297 
T1070.004
Details MITRE ATT&CK Techniques 480 
T1053
Details MITRE ATT&CK Techniques 380 
T1547.001
Details Windows Registry Key 4 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA