EKANS Ransomware and ICS Operations | Dragos Dragos
Common Information
Type Value
UUID dc55d957-37d1-4403-ac96-8910ce849239
Fingerprint b73428f720f68e43
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 3, 2020, 2:59 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 14, 2024, 2:12 a.m.
Headline EKANS Ransomware and ICS Operations
Title EKANS Ransomware and ICS Operations | Dragos Dragos
Detected Hints/Tags/Attributes 109/3/73
Attributes
Details Type #Events CTI Value