ioc[.]one - OSINT Cyber Threat Intelligence Database

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

Tags

country:

Germany India Laos Taiwan

attack-pattern:

Data Create Or Modify System Process - T1543 Data Destruction - T1662 Data Destruction - T1485 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Exploits - T1587.004 Exploits - T1588.005 File Deletion - T1070.004 File Deletion - T1630.002 Group Policy Modification - T1484.001 Lateral Tool Transfer - T1570 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Safe Mode Boot - T1562.009 System Shutdown/Reboot - T1529 Windows Service - T1543.003 File Deletion - T1107 Indicator Removal On Host - T1070 Modify Registry - T1112 New Service - T1050 Powershell - T1086 Data Destruction

Show in Graph

Common Information

Type	Value
UUID	bda38527-19a5-403e-9423-036761aa49a8
Fingerprint	8612a1d984b3b48f
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 4, 2024, midnight
Added to db	Oct. 15, 2024, 10:04 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
Title	Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
Detected Hints/Tags/Attributes	71/2/19

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_my/research/24/c/multistage-ra-world-ransomware.html
Details	Source	https://www.trendmicro.com/en_sg/research/24/c/multistage-ra-world-ransomware.html
Details	Source	https://www.trendmicro.com/en_in/research/24/c/multistage-ra-world-ransomware.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	16		stage1.exe
Details	File	1208		powershell.exe
Details	File	2		finish.exe
Details	File	2		exclude.exe
Details	File	20		stage2.exe
Details	File	4		pay.txt
Details	File	3		stage3.exe
Details	File	3		sd.bat
Details	File	2		c:\disklog.txt
Details	MITRE ATT&CK Techniques	29		T1484.001
Details	MITRE ATT&CK Techniques	118		T1570
Details	MITRE ATT&CK Techniques	28		T1562.009
Details	MITRE ATT&CK Techniques	247		T1070
Details	MITRE ATT&CK Techniques	297		T1070.004
Details	MITRE ATT&CK Techniques	550		T1112
Details	MITRE ATT&CK Techniques	180		T1543.003
Details	MITRE ATT&CK Techniques	472		T1486
Details	MITRE ATT&CK Techniques	48		T1529
Details	MITRE ATT&CK Techniques	93		T1485