ioc[.]one - OSINT Cyber Threat Intelligence Database

LockFile ransomware uses PetitPotam attack to hijack Windows domains

Tags

attack-pattern:

Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	eb8d97e8-fde8-4a22-917d-761e851091f1
Fingerprint	253280112a66e437
Analysis status	DONE
Considered CTI value	0
Text language
Published	Aug. 20, 2021, midnight
Added to db	Jan. 18, 2023, 10:52 p.m.
Last updated	Nov. 12, 2024, 6:45 p.m.
Headline	LockFile ransomware uses PetitPotam attack to hijack Windows domains
Title	LockFile ransomware uses PetitPotam attack to hijack Windows domains
Detected Hints/Tags/Attributes	39/1/8

Source URLs

	Redirection	Url
Details	Source	https://www.bleepingcomputer.com/news/security/lockfile-ransomware-uses-petitpotam-attack-to-hijack-windows-domains/

URL Provider

Details	Provider	Source level domain
Details	bleepingcomputer.com	www.bleepingcomputer.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	26		cve-2021-36942
Details	Domain	2		contipauper.com
Details	Email	2		contact@contipauper.com
Details	File	4		active_desktop_render.dll
Details	File	3		active_desktop_launcher.exe
Details	File	196		desktop.ini
Details	File	5		efspotato.exe
Details	IPv4	4		209.14.0.234