ALPHV ransomware gang analysis
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter, Network Denial Of Service, System Network Connections Discovery
country: Australia, Bahamas, Canada, China, Cuba, Netherlands, Germany, France, Italy, Spain, Lithuania, Philippines, Puerto Rico, Romania, Russia, United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct, Adversary-In-The-Middle - T1638, Adversary-In-The-Middle - T1557, Cmstp - T1218.003, Command And Scripting Interpreter - T1623, Control Panel - T1218.002, Cron - T1053.003, Data Destruction - T1662, Data Destruction - T1485, Data Encrypted For Impact - T1471, Data Encrypted For Impact - T1486, Disable Or Modify Tools - T1562.001, Disable Or Modify Tools - T1629.003, Dns - T1071.004, Dns - T1590.002, Domains - T1583.001, Domains - T1584.001, Exfiltration Over Web Service - T1567, Hardware - T1592.001, Impair Defenses - T1562, Impair Defenses - T1629, Impersonation - T1656, Ingress Tool Transfer - T1544, Inhibit System Recovery - T1490, Ip Addresses - T1590.005, Network Denial Of Service - T1464, Llmnr/Nbt-Ns Poisoning And Smb Relay - T1557.001, System Network Connections Discovery - T1421, Lsa Secrets - T1003.004, Malware - T1587.001, Malware - T1588.001, System Information Discovery - T1426, Network Denial Of Service - T1498, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Screensaver - T1546.002, Server - T1583.004, Server - T1584.004, Service Execution - T1569.002, Service Stop - T1489, Software - T1592.002, Ssh - T1021.004, System Services - T1569, Windows Command Shell - T1059.003, Tool - T1588.002, Vulnerabilities - T1588.006, Brute Force - T1110, Cmstp - T1191, Command-Line Interface - T1059, Connection Proxy - T1090, Credential Dumping - T1003, Execution Through Module Load - T1129, Remote File Copy - T1105, Modify Registry - T1112, Powershell - T1086, Screensaver - T1180, Service Execution - T1035, Signed Binary Proxy Execution - T1218, System Information Discovery - T1082, System Network Configuration Discovery - T1016, System Network Connections Discovery - T1049, Windows Management Instrumentation - T1047, Data Destruction, Service Stop
Common Information
Type Value
UUID ea7306bc-c53b-4f60-b071-b9f333148e8d
Fingerprint b7a981db0e83a6c6
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 26, 2022, 7:03 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline ALPHV ransomware gang analysis
Title ALPHV ransomware gang analysis
Detected Hints/Tags/Attributes 270/4/54
RSS Feed
Id   Enabled  Feed title                  Url                              Added to db
322           Cybersécurité – INTRINSEC   https://www.intrinsec.com/feed/  2024-08-30 22:08
Attributes
Type                      #Events  Value
Domain                          1  av3toruniquehiddenwebaddress.onion
Domain                       4128  github.com
Domain                         13  id-ransomware.blogspot.com
Domain                          1  support-global-it-ss.com
Domain                          1  hosting-global-it-ss.com
Domain                          1  intrinsec.com
Email                           1  contact@intrinsec.com
File                            3  zone.js
File                          208  setup.exe
File                            6  runner.exe
File                            1  toolname.exe
File                            2  4mmc.exe
File                            3  screensaver.exe
File                            1  lockbit_gay.exe
File                            2  blackcat-ransomware.html
File                            8  cmstplua.dll
File                         1260  explorer.exe
File                            1  sample_alfa_x86_64_linux_encrypt_app.exe
File                            1  scriptslocker.exe
File                           21  locker.exe
File                         2127  cmd.exe
File                            1  yourdomainnetlogonlocker.exe
Github username                 1  cdong1012
IPv4                            1  141.136.44.54
IPv4                           97  10.0.0.1
MITRE ATT&CK Techniques       245  T1016
MITRE ATT&CK Techniques       174  T1569.002
MITRE ATT&CK Techniques        44  T1053.003
MITRE ATT&CK Techniques       310  T1047
MITRE ATT&CK Techniques       120  T1129
MITRE ATT&CK Techniques        39  T1035
MITRE ATT&CK Techniques        41  T1086
MITRE ATT&CK Techniques         9  T1557.001
MITRE ATT&CK Techniques        16  T1003.004
MITRE ATT&CK Techniques       298  T1562.001
MITRE ATT&CK Techniques         7  T1218.003
MITRE ATT&CK Techniques       550  T1112
MITRE ATT&CK Techniques      1006  T1082
MITRE ATT&CK Techniques       119  T1049
MITRE ATT&CK Techniques       492  T1105
MITRE ATT&CK Techniques       126  T1567
MITRE ATT&CK Techniques       276  T1490
MITRE ATT&CK Techniques        93  T1485
MITRE ATT&CK Techniques       197  T1489
MITRE ATT&CK Techniques       472  T1486
MITRE ATT&CK Techniques        58  T1498
Url                             1  http://av3toruniquehiddenwebaddress.onion/?access
Url                             1  http://ip_address/files/toolname.exe
Url                             2  https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware
Url                             1  https://github.com/cdong1012/rust-ransomware
Url                             2  https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware
Url                             1  https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809
Url                             1  https://id-ransomware.blogspot.com/2021/12/blackcat-ransomware.html
Windows Registry Key            1  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters