Diavol - A New Ransomware Used By Wizard Spider? | Fortinet
Common Information
Type | Value |
---|---|
UUID | f9bb5ca3-339d-4ff2-b0fd-5aac3ac0986e |
Fingerprint | ac3fa059ee2184dd |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | July 1, 2021, midnight |
Added to db | Sept. 11, 2022, 12:34 p.m. |
Last updated | Nov. 17, 2024, 6:56 p.m. |
Headline | Diavol - A New Ransomware Used By Wizard Spider? |
Title | Diavol - A New Ransomware Used By Wizard Spider? | Fortinet |
Detected Hints/Tags/Attributes | 98/3/66 |
Attributes
Type | #Events | Value |
---|---|---|
Domain | 1 | bazarloader.ad |
Domain | 1 | r2gttyb5vqu6swf5.onion |
File | 21 | locker.exe |
File | 1 | locker64.dll |
File | 14 | readme_for_decrypt.txt |
File | 1 | c:\b.txt |
File | 5 | c:\programdata\log.txt |
File | 119 | sqlservr.exe |
File | 13 | sqlmangr.exe |
File | 12 | ragui.exe |
File | 9 | qbcfmonitorservice.exe |
File | 12 | supervise.exe |
File | 20 | fdhost.exe |
File | 13 | culture.exe |
File | 28 | rtvscan.exe |
File | 15 | defwatch.exe |
File | 6 | wxserverview.exe |
File | 62 | sqlbrowser.exe |
File | 323 | winword.exe |
File | 18 | gdscan.exe |
File | 19 | qbw32.exe |
File | 13 | qbdbmgr.exe |
File | 12 | qbupdate.exe |
File | 12 | axlbridge.exe |
File | 17 | 360se.exe |
File | 14 | 360doctor.exe |
File | 12 | qbidpservice.exe |
File | 11 | wxserver.exe |
File | 36 | httpd.exe |
File | 18 | fdlauncher.exe |
File | 11 | msdtsrvr.exe |
File | 15 | tomcat6.exe |
File | 87 | java.exe |
File | 11 | wdswfsafe.exe |
File | 1 | qbcfmonitorservicechrome.exe |
File | 173 | outlook.exe |
File | 271 | chrome.exe |
File | 4 | locker.txt |
File | 3 | unlocker.txt |
File | 1 | wscpy.exe |
File | 3 | readme-for-decrypt.txt |
File | 2 | encr.bmp |
File | 1 | %public%\pictures\encr.bmp |
sha256 | 1 | 85ec7f5ec91adf7c104c7e116511ac5e7945bcf4a8fdecdcc581e97d8525c5ac |
sha256 | 1 | 426ba2acf51641fb23c2efe686ad31d6398c3dd25c2c62f6ba0621455a3f7178 |
sha256 | 2 | 4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618 |
IPv4 | 9 | 111.111.111.111 |
IPv4 | 3 | 222.222.222.222 |
IPv4 | 2 | 2.16.7.12 |
IPv4 | 1441 | 127.0.0.1 |
IPv4 | 3 | 173.232.146.118 |
MITRE ATT&CK Techniques | 627 | T1027 |
MITRE ATT&CK Techniques | 1006 | T1082 |
MITRE ATT&CK Techniques | 442 | T1071.001 |
MITRE ATT&CK Techniques | 197 | T1489 |
MITRE ATT&CK Techniques | 298 | T1562.001 |
MITRE ATT&CK Techniques | 176 | T1135 |
MITRE ATT&CK Techniques | 276 | T1490 |
MITRE ATT&CK Techniques | 31 | T1559.001 |
MITRE ATT&CK Techniques | 472 | T1486 |
MITRE ATT&CK Techniques | 93 | T1485 |
Pdb | 2 | lockmaindib.pdb |
Pdb | 1 | wipeshadowcopies64.pdb |
Pdb | 1 | wipeshadowstoragewin2003_32.pdb |
Pdb | 1 | wipeshadowstoragewin2003_64.pdb |
Url | 1 | http://173.232.146.118/bnyar8rsk04ug |