ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Brief: Understanding Akira Ransomware | Qualys Security Blog

Tags

cmtmf-attack-pattern:	Automated Exfiltration Data Encrypted Exploit Public-Facing Application
country:	Australia
attack-pattern:	Data Archive Collected Data - T1560 Archive Collected Data - T1532 Credentials - T1589.001 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Defacement - T1491 Exploit Public-Facing Application - T1377 File And Directory Discovery - T1420 Hidden Users - T1564.002 Hide Artifacts - T1628 Hide Artifacts - T1564 Inhibit System Recovery - T1490 Internal Defacement - T1491.001 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Ntds - T1003.003 Powershell - T1059.001 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Run Virtual Instance - T1564.006 Ssh - T1021.004 Vulnerabilities - T1588.006 Automated Exfiltration - T1020 Credential Dumping - T1003 Data Encrypted - T1022 Exploit Public-Facing Application - T1190 External Remote Services - T1133 File And Directory Discovery - T1083 Hidden Users - T1147 Powershell - T1086 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote Services - T1021 Remote System Discovery - T1018 System Information Discovery - T1082 Valid Accounts - T1078 Exploit Public-Facing Application External Remote Services Remote System Discovery Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	f14fc095-7486-484f-8a67-81afd1928633
Fingerprint	3ed414d867a3a242
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 2, 2024, 10:37 a.m.
Added to db	Oct. 7, 2024, 10:59 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Threat Brief: Understanding Akira Ransomware
Title	Threat Brief: Understanding Akira Ransomware \| Qualys Security Blog
Detected Hints/Tags/Attributes	104/3/35

Source URLs

	Redirection	Url
Details	Source	https://blog.qualys.com/vulnerabilities-threat-research/2024/10/02/threat-brief-understanding-akira-ransomware

URL Provider

Details	Provider	Source level domain
Details	qualys.com	blog.qualys.com

Attributes

Details	Type	#Events	Value
Details	CVE	52	cve-2021-21972
Details	CVE	2	cve-2019-6693
Details	CVE	62	cve-2022-40684
Details	CVE	23	cve-2023-20269
Details	Domain	2	mitre.attack.technique.id
Details	Domain	55	process.name
Details	Domain	1	mitre.attack.technique.name
Details	File	40	netscan.exe
Details	File	69	comsvcs.dll
Details	File	1	log-date-month-year-hour-minute-second.txt
Details	File	1208	powershell.exe
Details	File	25	event.dat
Details	File	256	net.exe
Details	md5	2	e57340a208ac9d95a1f015a5d6d98b94
Details	md5	2	e8139b0bc60a930586cf3af6fa5ea573
Details	md5	2	a1f4931992bf05e9bff4b173c15cab15
Details	md5	2	08bd63480cd313d2e219448ac28f72cd
Details	md5	2	4aecef9ddc8d07b82a6902b27f051f34
Details	md5	2	ab9e577334aeb060ac402598098e13b9
Details	MITRE ATT&CK Techniques	276	T1490
Details	MITRE ATT&CK Techniques	472	T1486
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	191	T1133
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	2	T1564.002
Details	MITRE ATT&CK Techniques	4	T1564.006
Details	MITRE ATT&CK Techniques	160	T1021.001
Details	MITRE ATT&CK Techniques	289	T1003
Details	MITRE ATT&CK Techniques	157	T1560
Details	MITRE ATT&CK Techniques	141	T1219
Details	MITRE ATT&CK Techniques	102	T1020
Details	MITRE ATT&CK Techniques	30	T1491.001