Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
Common Information
Type Value
UUID c9a81e7e-aa5f-4014-81eb-dd61e4de63df
Fingerprint ae2599d2052387c5
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 4, 2019, midnight
Added to db Jan. 18, 2023, 11:44 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
Title Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
Detected Hints/Tags/Attributes 48/2/26
Attributes
Details Type #Events CTI Value
Details Domain 6
security.cloud
Details File 1
winsvcs.txt
Details File 2130
cmd.exe
Details File 249
schtasks.exe
Details File 1
c:\users\user\adobeupdate.exe
Details File 351
recycle.bin
Details Windows Registry Key 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List