Examining the Cring Ransomware Techniques
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Event Triggered Execution; Exploit Public-Facing Application
country: Azerbaijan, Brazil, Italy, Saudi Arabia, Laos, Mexico, United States Of America
attack-pattern: Data; Command And Scripting Interpreter - T1623; Commonly Used Port - T1436; Credentials - T1589.001; Data Destruction - T1662; Data Destruction - T1485; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Domain Accounts - T1078.002; Event Triggered Execution - T1624; Event Triggered Execution - T1546; Exfiltration Over C2 Channel - T1646; Exploit Public-Facing Application - T1377; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; File Deletion - T1070.004; File Deletion - T1630.002; Hardware - T1592.001; Image File Execution Options Injection - T1546.012; Impair Defenses - T1562; Impair Defenses - T1629; Indicator Removal On Host - T1630; Ingress Tool Transfer - T1544; Inhibit System Recovery - T1490; Lateral Tool Transfer - T1570; Multi-Hop Proxy - T1090.003; Remote Desktop Protocol - T1021.001; Server - T1583.004; Server - T1584.004; Service Stop - T1489; Software - T1592.002; Unsecured Credentials - T1552; Tool - T1588.002; Vulnerabilities - T1588.006; Command-Line Interface - T1059; Commonly Used Port - T1043; Connection Proxy - T1090; Credential Dumping - T1003; Custom Command And Control Protocol - T1094; Exfiltration Over Command And Control Channel - T1041; Exploit Public-Facing Application - T1190; File And Directory Discovery - T1083; File Deletion - T1107; Image File Execution Options Injection - T1183; Indicator Removal On Host - T1070; Remote File Copy - T1105; Multi-Hop Proxy - T1188; Remote Desktop Protocol - T1076; Remote Services - T1021; Valid Accounts - T1078; Commonly Used Port; Data Destruction; Exploit Public-Facing Application; Indicator Removal On Host; Remote File Copy; Service Stop; Valid Accounts
Common Information
Type Value
UUID cc85857b-3803-4ee3-8af2-0f7c491fb3cc
Fingerprint 87f6885c1fd7bf89
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 24, 2021, midnight
Added to db Oct. 15, 2024, 3:16 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Examining the Cring Ransomware Techniques
Title Examining the Cring Ransomware Techniques
Detected Hints/Tags/Attributes 117/3/32
Attributes
Details Type #Events CTI Value
Details CVE 11 cve-2010-2861
Details CVE 150 cve-2018-13379
Details File 25 ransom.msi
Details File 48 trojan.bat
Details File 38 trojan.ps1
Details MITRE ATT&CK Techniques 306 T1078
Details MITRE ATT&CK Techniques 542 T1190
Details MITRE ATT&CK Techniques 695 T1059
Details MITRE ATT&CK Techniques 13 T1546.012
Details MITRE ATT&CK Techniques 71 T1078.002
Details MITRE ATT&CK Techniques 298 T1562.001
Details MITRE ATT&CK Techniques 297 T1070.004
Details MITRE ATT&CK Techniques 289 T1003
Details MITRE ATT&CK Techniques 113 T1552
Details MITRE ATT&CK Techniques 585 T1083
Details MITRE ATT&CK Techniques 118 T1570
Details MITRE ATT&CK Techniques 492 T1105
Details MITRE ATT&CK Techniques 159 T1021
Details MITRE ATT&CK Techniques 152 T1090
Details MITRE ATT&CK Techniques 60 T1043
Details MITRE ATT&CK Techniques 7 T1188
Details MITRE ATT&CK Techniques 23 T1094
Details MITRE ATT&CK Techniques 422 T1041
Details MITRE ATT&CK Techniques 472 T1486
Details MITRE ATT&CK Techniques 197 T1489
Details MITRE ATT&CK Techniques 93 T1485
Details MITRE ATT&CK Techniques 276 T1490