McAfee Defender’s Blog: Cuba Ransomware Campaign | McAfee Blog
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Obfuscated Files Or Information
country: Cuba
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model; Boot Or Logon Autostart Execution - T1547; Cloud Services - T1021.007; Command And Scripting Interpreter - T1623; Create Or Modify System Process - T1543; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Email Addresses - T1589.002; Encrypted Channel - T1521; Encrypted Channel - T1573; File And Directory Discovery - T1420; File And Directory Permissions Modification - T1222; Input Capture - T1417; Keylogging - T1056.001; Keylogging - T1417.001; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Server - T1583.004; Server - T1584.004; Service Execution - T1569.002; Service Stop - T1489; Spearphishing Attachment - T1566.001; Spearphishing Link - T1566.002; Spearphishing Via Service - T1566.003; System Checks - T1633.001; System Checks - T1497.001; System Services - T1569; Template Injection - T1221; Virtualization/Sandbox Evasion - T1497; Windows Service - T1543.003; Tool - T1588.002; Virtualization/Sandbox Evasion - T1633; Access Token Manipulation - T1134; Account Discovery - T1087; Command-Line Interface - T1059; Connection Proxy - T1090; Deobfuscate/Decode Files Or Information - T1140; Execution Through Module Load - T1129; File And Directory Discovery - T1083; Input Capture - T1056; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Discovery - T1057; Service Execution - T1035; Signed Binary Proxy Execution - T1218; System Information Discovery - T1082; System Owner/User Discovery - T1033; System Service Discovery - T1007; User Execution - T1204; Service Stop; User Execution
Common Information
Type Value
UUID c876dcb8-f2dc-498f-9160-2954a3dff78f
Fingerprint 862b20544e54be0a
Analysis status DONE
Considered CTI value 2
Text language
Published April 6, 2021, 5 p.m.
Added to db Nov. 6, 2023, 7:11 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline McAfee Defender’s Blog: Cuba Ransomware Campaign
Title McAfee Defender’s Blog: Cuba Ransomware Campaign | McAfee Blog
Detected Hints/Tags/Attributes 120/4/71
Attributes
Type                      #Events  Value
Domain                    103      www.mcafee.com
Domain                    2        cuba4mp6ximo2zlo.onion
Domain                    89       protonmail.ch
Domain                    144      cock.li
Domain                    396      protonmail.com
Domain                    5        cuba-supp.com
Domain                    34       exploit.im
Domain                    2        kurvalarva.com
Email                     3        under_amur@protonmail.ch
Email                     3        helpadmin2@cock.li
Email                     3        helpadmin2@protonmail.com
Email                     3        iracomp2@protonmail.ch
Email                     2        fedelsupportagent@cock.li
Email                     5        admin@cuba-supp.com
Email                     7        cuba_support@exploit.im
File                      1        insights-dashboard1.html
File                      1        151.bat
File                      1        151.ps1
File                      1        kurva.ps1
md5                       2        f739977004981fbe4a54bc68be18ea79
md5                       1        68a99624f98b8cd956108fedcc44e07c
md5                       1        bdeb5acc7b569c783f81499f400b2745
sha256                    1        54627975c0befee0075d6da1a53af9403f047d9e367389e48ae0d25c2a7154bc
sha256                    1        c385ef710cbdd8ba7759e084051f5742b6fa8a6b65340a9795f48d0a425fec61
sha256                    1        40101fb3629cdb7d53c3af19dea2b6245a8d8aa9f28febd052bb9d792cfbefa6
sha256                    1        c4b1f4e1ac9a28cc9e50195b29dde8bd54527abc7f4d16899f9f8315c852afd4
sha256                    1        944ee8789cc929d2efda5790669e5266fe80910cabf1050cbb3e57dc62de2040
sha256                    1        78ce13d09d828fc8b06cf55f8247bac07379d0c8b8c8b1a6996c29163fa4b659
sha256                    3        33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e
sha256                    1        672fb249e520f4496e72021f887f8bb86fec5604317d8af3f0800d49aa157be1
sha256                    1        e942a8bcb3d4a6f6df6a6522e4d5c58d25cdbe369ecda1356a66dacbd3945d30
sha256                    1        907f42a79192a016154f11927fbb1e6f661f679d68947bddc714f5acc4aa66eb
sha256                    1        28140885cf794ffef27f5673ca64bd680fc0b8a469453d0310aea439f7e04e64
sha256                    1        271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad
sha256                    1        6396ea2ef48aa3d3a61fb2e1ca50ac3711c376ec2b67dbaf64eeba49f5dfa9df
sha256                    1        bda4bddcbd140e4012bab453e28a4fba86f16ac8983d7db391043eab627e9fa1
sha256                    1        7a17f344d916f7f0272b9480336fb05d33147b8be2e71c3261ea30a32d73fecb
sha256                    1        c206593d626e1f8b9c5d15b9b5ec16a298890e8bae61a232c2104cbac8d51bdd
sha256                    1        9882c2f5a95d7680626470f6c0d3609c7590eb552065f81ab41ffe074ea74e82
sha256                    1        1f825ef9ff3e0bb80b7076ef19b837e927efea9db123d3b2b8ec15c8510da647
sha256                    1        00ddbe28a31cc91bd7b1989a9bebd43c4b5565aa0a9ed4e0ca2a5cfb290475ed
sha256                    1        729950ce621a4bc6579957eabb3d1668498c805738ee5e83b74d5edaf2f4cb9e
MITRE ATT&CK Techniques   310      T1566.001
MITRE ATT&CK Techniques   183      T1566.002
MITRE ATT&CK Techniques   22       T1566.003
MITRE ATT&CK Techniques   420      T1204
MITRE ATT&CK Techniques   695      T1059
MITRE ATT&CK Techniques   120      T1129
MITRE ATT&CK Techniques   207      T1547
MITRE ATT&CK Techniques   40       T1221
MITRE ATT&CK Techniques   121      T1218
MITRE ATT&CK Techniques   627      T1027
MITRE ATT&CK Techniques   179      T1087
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   163      T1573
MITRE ATT&CK Techniques   460      T1059.001
MITRE ATT&CK Techniques   174      T1569.002
MITRE ATT&CK Techniques   180      T1543.003
MITRE ATT&CK Techniques   116      T1134
MITRE ATT&CK Techniques   265      T1222
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   433      T1057
MITRE ATT&CK Techniques   100      T1007
MITRE ATT&CK Techniques   118      T1056.001
MITRE ATT&CK Techniques   197      T1489
MITRE ATT&CK Techniques   472      T1486
Url                       1        https://www.mcafee.com/enterprise/en-us/lp/insights-dashboard1.html#
Url                       1        https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-protects-against-suspicious-email-attachments
Url                       1        https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-amsi-integration-protects-against-malicious-scripts
Url                       2        http://cuba4mp6ximo2zlo.onion