Tags
attack-pattern: Data Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Brute Force - T1110 External Remote Services - T1133 Graphical User Interface - T1061 Remote File Copy - T1105 Powershell - T1086 External Remote Services
Show in Graph
Common Information
Type Value
UUID c3e2bed2-00ed-450e-9771-1cf3c3bc95ea
Fingerprint ae29a0cf0343d7c4
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 4, 2020, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Part 1: analysing MedusaLocker ransomware
Title
Detected Hints/Tags/Attributes 53/1/15
Source URLs
Redirection Url
Details Source https://www.theta.co.nz/news-blogs/cyber-security-blog/part-1-analysing-medusalocker-ransomware/
URL Provider
Details Provider Source level domain
Details theta.co.nz www.theta.co.nz
Attributes
Details Type #Events CTI Value
Details File 32 
powershell_ise.exe
Details File 2 
connect-mstsc.ps1
Details File 2 
psnmap.psd
Details File 3 
2sys.ps1
Details File 42 
7za.exe
Details File 1 
certutil.log
Details IPv4 2 
185.202.1.19
Details IPv4 2 
213.7.208.69
Details IPv4 2 
5.2.224.56
Details Microsoft Patch Numbers 3 
KB2999226
Details MITRE ATT&CK Techniques 125 
T1110
Details MITRE ATT&CK Techniques 191 
T1133
Details MITRE ATT&CK Techniques 6 
T1061
Details MITRE ATT&CK Techniques 41 
T1086
Details MITRE ATT&CK Techniques 492 
T1105