Nozelesn and Emotet-Distributed Ransomware Loader
Tags
| cmtmf-attack-pattern: | Process Injection |
| country: | Argentina Venezuela Canada Cyprus Germany Spain Poland |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Injection - T1631 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | dfd77430-8782-42b3-9c7a-9138b36271cb |
| Fingerprint | ae4088f101f71b37 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 29, 2019, midnight |
| Added to db | Jan. 18, 2023, 9:02 p.m. |
| Last updated | Nov. 18, 2024, 10:24 a.m. |
| Headline | Nozelesn and Emotet-Distributed Ransomware Loader |
| Title | Nozelesn and Emotet-Distributed Ransomware Loader |
| Detected Hints/Tags/Attributes | 74/4/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 2 | 636493431.doc |
|
| Details | File | 2 | 942.exe |
|
| Details | File | 2 | indexerneutral.exe |
|
| Details | File | 2 | c:\programdata\kdpzbxzie4oui3cmirj.exe |
|
| Details | File | 2 | c:\programdata\bhb2pt1jmhqdvc8236r.exe |
|
| Details | File | 4 | how_fix_nozelesn_files.htm |
|
| Details | File | 1211 | powershell.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 2 | gigabit-8.exe |
|
| Details | File | 2 | wcdma-78.exe |
|
| Details | File | 2 | c:\programdata\blvds-45\blvds-38.exe |
|
| Details | File | 2 | flywheel-3.exe |
|
| Details | File | 2 | ammeter-66.exe |
|
| Details | File | 2 | debounce-7.exe |
|
| Details | File | 2 | kdpzbxzie4oui3cmirj.exe |
|
| Details | File | 2 | bhb2pt1jmhqdvc8236r.exe |
|
| Details | sha256 | 2 | 38e695287e8f00318c9009714baa096011bc690bf697d4f318a11af808d2f4a0 |
|
| Details | sha256 | 2 | a091f487cf8544d5877bf14462d1bb1c419daf360a7e915a112703ddd4e6a16e |
|
| Details | sha256 | 2 | d5cb1a67ec286e5e2527ef477ab2bef6b5c8f8c4c505e880c902192334259211 |
|
| Details | sha256 | 2 | 885dde202f4e912ae4453f3bb1929f216707a217cb32fec3b9c59d7a755f4d48 |
|
| Details | sha256 | 2 | 23c98f174d4f7ed059b534294f99e130fdf16a04bccf07de626519458c845ea2 |