ioc[.]one - OSINT Cyber Threat Intelligence Database

New Golang Ransomware Agenda Customizes Attacks

Tags

cmtmf-attack-pattern:	Process Injection
country:	Indonesia Saudi Arabia Thailand South Africa
attack-pattern:	Data Credentials - T1589.001 Email Addresses - T1589.002 Impersonation - T1656 Ip Addresses - T1590.005 Local Account - T1087.001 Local Account - T1136.001 Local Accounts - T1078.003 Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Trap - T1546.005 Vulnerabilities - T1588.006 Process Injection - T1055 Scheduled Task - T1053 Trap - T1154

Show in Graph

Common Information

Type	Value
UUID	e8236fcf-f916-41b7-a093-4521570793c6
Fingerprint	b63139f9821a1247
Analysis status	DONE
Considered CTI value	0
Text language
Published	Aug. 25, 2022, midnight
Added to db	Jan. 18, 2023, 11:50 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	New Golang Ransomware Agenda Customizes Attacks
Title	New Golang Ransomware Agenda Customizes Attacks
Detected Hints/Tags/Attributes	68/3/38

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ie/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html
Details	Source	https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html
Details	Source	https://www.trendmicro.com/en_se/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html
Details	Source	https://www.trendmicro.com/en_ae/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html
Details	Source	https://www.trendmicro.com/en_gb/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	119	✔	Trend Micro Research, News and Perspectives	https://feeds.feedburner.com/TrendMicroSimplySecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	File	7	c:\windows\system32\bcdedit.exe
Details	File	19	nmap.exe
Details	File	3	nping.exe
Details	File	345	vssadmin.exe
Details	File	9	a2service.exe
Details	File	8	a2start.exe
Details	File	5	aawservice.exe
Details	File	8	ashserv.exe
Details	File	9	avengine.exe
Details	File	8	avkwctl.exe
Details	File	9	blackd.exe
Details	File	15	cfp.exe
Details	File	7	fsav32.exe
Details	File	14	fsdfwd.exe
Details	File	6	fsguiexe.exe
Details	File	7	kpf4gui.exe
Details	File	16	mcods.exe
Details	File	3	mcpalmcfg.exe
Details	File	3	mcproxy.exe
Details	File	3	mcregwiz.exe
Details	File	5	mcsacore.exe
Details	File	45	mcshield.exe
Details	File	4	mpfagent.exe
Details	File	4	mpfservice.exe
Details	File	198	msmpeng.exe
Details	File	3	msscli.exe
Details	File	4	nisum.exe
Details	File	29	ntrtscan.exe
Details	File	5	pccpfw.exe
Details	File	3	tmntsrv.exe
Details	File	13	enc.exe
Details	File	2	%public%\enc.exe
Details	File	2	-recover-readme.txt
Details	File	3	pwndll.dll
Details	File	2	wicloader.dll
Details	File	1122	svchost.exe
Details	Windows Registry Key	2	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
Details	Windows Registry Key	7	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce