Kaseya ransomware attack: a cyber kill chain analysis
Tags
cmtmf-attack-pattern: Active Scanning, Application Layer Protocol, Command And Scripting Interpreter, Data Manipulation, Masquerading, Supply Chain Compromise
country: El Salvador, Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model, Active Scanning - T1595, Application Layer Protocol - T1437, Business Relationships - T1591.002, Code Signing - T1553.002, Command And Scripting Interpreter - T1623, Compromise Software Supply Chain - T1195.002, Compromise Software Supply Chain - T1474.003, Data Encrypted For Impact - T1471, Data Encrypted For Impact - T1486, Data Manipulation - T1641, Data Manipulation - T1565, Defacement - T1491, Disable Or Modify System Firewall - T1562.004, Disable Or Modify Tools - T1562.001, Disable Or Modify Tools - T1629.003, Dll Side-Loading - T1574.002, File Deletion - T1070.004, File Deletion - T1630.002, Gather Victim Org Information - T1591, Hijack Execution Flow - T1625, Hijack Execution Flow - T1574, Impair Defenses - T1562, Impair Defenses - T1629, Indicator Removal On Host - T1630, Internal Defacement - T1491.001, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Powershell - T1059.001, Rename System Utilities - T1036.003, Scheduled Task - T1053.005, Server - T1583.004, Server - T1584.004, Social Media - T1593.001, Software - T1592.002, Standard Encoding - T1132.001, Stored Data Manipulation - T1565.001, Stored Data Manipulation - T1492, Subvert Trust Controls - T1632, Subvert Trust Controls - T1553, Supply Chain Compromise - T1474, Web Protocols - T1071.001, Web Protocols - T1437.001, Virtualization/Sandbox Evasion - T1497, Web Services - T1583.006, Web Services - T1584.006, Tool - T1588.002, Vulnerabilities - T1588.006, Vulnerability Scanning - T1595.002, Virtualization/Sandbox Evasion - T1633, Standard Application Layer Protocol - T1071, Code Signing - T1116, Command-Line Interface - T1059, Data Encoding - T1132, Deobfuscate/Decode Files Or Information - T1140, Dll Side-Loading - T1073, Exploit Public-Facing Application - T1190, File Deletion - T1107, Indicator Removal On Host - T1070, Masquerading - T1036, Modify Registry - T1112, Powershell - T1086, Scheduled Task - T1053, Supply Chain Compromise - T1195, System Time Discovery - T1124, Indicator Removal On Host, Masquerading, Supply Chain Compromise
Common Information
Type                             Value
UUID                             dfffcdce-7c8a-42f0-bc01-2ed63ebffceb
Fingerprint                      b52709d9ac4faf09
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        Feb. 27, 2023, 7:02 a.m.
Added to db                      Feb. 27, 2023, 8:52 a.m.
Last updated                     Nov. 17, 2024, 6:56 p.m.
Headline                         Kaseya ransomware attack: a cyber kill chain analysis
Title                            Kaseya ransomware attack: a cyber kill chain analysis
Detected Hints/Tags/Attributes   126/4/49
RSS Feed
Id   Enabled  Feed title               Url                                         Added to db
167           Cybersecurity on Medium  https://medium.com/feed/tag/cybersecurity   2024-08-30 22:08
Attributes
Type                     #Events  CTI Value  Value
File                           4             dl.asp
File                           3             kupload.dll
File                           3             userfiltertablerpt.asp
File                          13             agent.crt
File                          20             screenshot.jpg
File                         409             c:\windows\system32\cmd.exe
File                           3             ll.exe
File                           8             c:\windows\system32\certutil.exe
File                           9             c:\windows\cert.exe
File                           5             c:\kworking\agent.crt
File                           4             c:\kworking\agent.exe
File                           1             windowssystem32certutil.exe
File                           1             windowscert.exe
File                         226             certutil.exe
File                           1             %systemdrive%\cert.exe
File                           1             kworkingagent.crt
File                           1             kworkingagent.exe
File                          48             agent.exe
File                           4             cert.exe
File                          41             mpsvc.dll
File                         198             msmpeng.exe
File                           1             s5q78-readme.txt
IPv4                           2             18.223.199.234
IPv4                           4             161.35.239.148
IPv4                           3             35.226.94.113
IPv4                           3             162.253.124.162
IPv4                        1441             127.0.0.1
MITRE ATT&CK Techniques       36             T1595
MITRE ATT&CK Techniques        5             T1591.002
MITRE ATT&CK Techniques      542             T1190
MITRE ATT&CK Techniques      444             T1071
MITRE ATT&CK Techniques       96             T1132
MITRE ATT&CK Techniques       52             T1195
MITRE ATT&CK Techniques      460             T1059.001
MITRE ATT&CK Techniques       86             T1124
MITRE ATT&CK Techniques      480             T1053
MITRE ATT&CK Techniques      238             T1497
MITRE ATT&CK Techniques      235             T1562
MITRE ATT&CK Techniques      348             T1036
MITRE ATT&CK Techniques      504             T1140
MITRE ATT&CK Techniques      247             T1070
MITRE ATT&CK Techniques      164             T1574
MITRE ATT&CK Techniques       56             T1553
MITRE ATT&CK Techniques      550             T1112
MITRE ATT&CK Techniques       13             T1565.001
MITRE ATT&CK Techniques      472             T1486
MITRE ATT&CK Techniques       30             T1491.001
Windows Registry Key         104             HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Windows Registry Key           1             HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr