Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Tags
country: South Korea
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID e803e72d-cc6e-4456-ae12-e4989c1dd146
Fingerprint ac301dd91c93822b
Analysis status DONE
Considered CTI value 0
Text language
Published May 15, 2023, 8 a.m.
Added to db Aug. 30, 2024, 10:10 p.m.
Last updated Nov. 14, 2024, 10:55 p.m.
Headline Cisco Talos Blog
Title Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Detected Hints/Tags/Attributes 45/2/5
Source URLs
Redirection Url
Details Redirection https://blog.talosintelligence.com/ra-group-ransomware
Details Source https://blog.talosintelligence.com/ra-group-ransomware/
Details Source https://blog.talosintelligence.com/ra-group-ransomware/?&web_view=true
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 68 Cisco Talos Blog https://blog.talosintelligence.com/rss/ 2024-08-30 22:08
Details 99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 26 
gofile.io
Details Domain 904 
snort.org
Details File 140 
files.txt
Details File 344 
vssadmin.exe
Details Pdb 3 
e.pdb