Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware | Mandiant
Common Information
Type | Value
UUID | c82d83c5-8788-4817-84e2-d62cb1db8296
Fingerprint | a0158bff200785e5
Analysis status | DONE
Considered CTI value | 1
Text language |
Published | April 5, 2019, midnight
Added to db | Nov. 9, 2023, 12:24 a.m.
Last updated | Nov. 17, 2024, 6:55 p.m.
Headline | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
Title | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware | Mandiant
Detected Hints/Tags/Attributes | 80/1/26
RSS Feed
Id | Enabled | Feed title | Url | Added to db
330 | | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08
Attributes
Type | #Events | CTI | Value
Domain | 358 | | pastebin.com
File | 53 | | adfind.exe
File | 16 | | ad_users.txt
File | 16 | | ad_computers.txt
File | 12 | | ad_ous.txt
File | 7 | | ad_subnets.txt
File | 12 | | ad_group.txt
File | 6 | | ad_trustdmp.txt
File | 38 | | 7.exe
File | 7 | | ad.7z
File | 17 | | kill.bat
File | 2 | | xaa.bat
File | 2 | | xab.bat
File | 2 | | xac.bat
File | 1122 | | svchost.exe
File | 122 | | psexec.exe
File | 12 | | c:\windows\temp\svchost.exe
md5 | 1 | | 031dd207c8276bcc5b41825f0a3e31b0
IPv4 | 4 | | 176.126.85.207
IPv4 | 18 | | 10.1.1.1
IPv4 | 2 | | 31.220.45.151
Threat Actor Identifier - FIN | 73 | | FIN6
Url | 1 | | https://176.126.85.207:443/7sjh.
Url | 1 | | https://176.126.85.207/ca.
Url | 3 | | https://pastebin.com
Url | 2 | | https://176.126.85.207:443/7sjh