#StopRansomware: Hive Ransomware | CISA
Common Information
Type Value
UUID f02c55eb-4c15-49de-8dca-5c0beb0dfeed
Fingerprint b430a81d0f72d749
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 17, 2022, midnight
Added to db Feb. 17, 2023, 11:52 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Alert (AA22-321A)
Title #StopRansomware: Hive Ransomware | CISA
Detected Hints/Tags/Attributes 127/4/67
Attributes
Details Type #Events CTI Value
Details CVE 26
cve-2020-12812
Details CVE 143
cve-2021-31207
Details CVE 168
cve-2021-34473
Details CVE 142
cve-2021-34523
Details CVE 14
cve-2021-42321
Details Email 37
report@cisa.gov
Details File 18
how_to_decrypt.txt
Details File 10
hive.bat
Details File 12
shadow.bat
Details File 3
windows_x64_encrypt.dll
Details File 4
windows_x64_encrypt.exe
Details File 3
windows_x32_encrypt.dll
Details File 4
windows_x32_encrypt.exe
Details File 95
wevtutil.exe
Details File 345
vssadmin.exe
Details File 240
wmic.exe
Details File 105
bcdedit.exe
Details MITRE ATT&CK Techniques 191
T1133
Details MITRE ATT&CK Techniques 310
T1566.001
Details MITRE ATT&CK Techniques 542
T1190
Details MITRE ATT&CK Techniques 235
T1562
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 276
T1490
Details MITRE ATT&CK Techniques 247
T1070
Details MITRE ATT&CK Techniques 550
T1112
Details Url 4
https://mega.nz
Details Url 5
https://send.exploit.in
Details Url 4
https://ufile.io
Details Url 6
https://www.sendspace.com
Details Url 3
https://privatlab.net
Details Url 3
https://privatlab.com