Ransomware on the Rise: Buran’s transformation into Zeppelin
Tags
Common Information
| Type | Value |
|---|---|
| UUID | fc48b005-5fa1-48d2-a487-7634da67d1e9 |
| Fingerprint | 82bea8ba96a3b7c1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 30, 2020, 2:19 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Ransomware on the Rise: Buran’s transformation into Zeppelin |
| Title | Ransomware on the Rise: Buran’s transformation into Zeppelin |
| Detected Hints/Tags/Attributes | 62/3/60 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | geoiptool.com |
|
| Details | Domain | 1 | geoiptools.com |
|
| Details | Domain | 47 | iplogger.org |
|
| Details | Domain | 9 | blog.emsisoft.com |
|
| Details | File | 57 | agntsvc.exe |
|
| Details | File | 91 | msaccess.exe |
|
| Details | File | 27 | sql.exe |
|
| Details | File | 46 | msftesql.exe |
|
| Details | File | 58 | sqlagent.exe |
|
| Details | File | 57 | encsvc.exe |
|
| Details | File | 102 | mspub.exe |
|
| Details | File | 62 | sqlbrowser.exe |
|
| Details | File | 54 | isqlplussvc.exe |
|
| Details | File | 57 | mydesktopqos.exe |
|
| Details | File | 21 | sqlserver.exe |
|
| Details | File | 4 | anvir.exe |
|
| Details | File | 60 | mydesktopservice.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 4 | anvir64.exe |
|
| Details | File | 43 | mysqld-nt.exe |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 3 | apache.exe |
|
| Details | File | 40 | mysqld-opt.exe |
|
| Details | File | 57 | synctime.exe |
|
| Details | File | 3 | backup.exe |
|
| Details | File | 57 | mysqld.exe |
|
| Details | File | 82 | taskkill.exe |
|
| Details | File | 10 | ccleaner.exe |
|
| Details | File | 2 | ncsvc.exe |
|
| Details | File | 56 | tasklist.exe |
|
| Details | File | 8 | ccleaner64.exe |
|
| Details | File | 57 | ocautoupds.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 58 | dbeng50.exe |
|
| Details | File | 57 | ocomm.exe |
|
| Details | File | 55 | tbirdconfig.exe |
|
| Details | File | 61 | dbsnmp.exe |
|
| Details | File | 57 | ocssd.exe |
|
| Details | File | 4 | tomcat.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 15 | tomcat6.exe |
|
| Details | File | 6 | far.exe |
|
| Details | File | 1 | u8.exe |
|
| Details | File | 41 | firefoxconfig.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 1 | ufida.exe |
|
| Details | File | 52 | infopath.exe |
|
| Details | File | 79 | regedit.exe |
|
| Details | File | 86 | visio.exe |
|
| Details | File | 55 | sqbcoreservice.exe |
|
| Details | File | 56 | xfssvccon.exe |
|
| Details | File | 2 | kingdee.exe |
|
| Details | File | 3 | winupas.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | sha256 | 1 | 7f0dcd4b9d8881fd0c42a6d605f843c496b7ed1fc3ae3a29d0bd37e851eaadfb |
|
| Details | sha256 | 1 | 1cefe918ae56ebd3c2de309efbdd3a99808c823615a11a58bf144d3d6699f69b |
|
| Details | Url | 1 | http://geoiptool.com |
|
| Details | Url | 1 | https://www.symantec.com/blogs/expert-perspectives/ransomware-activity-declines-remains-dangerous-threat |
|
| Details | Url | 1 | https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019 |
|
| Details | Url | 1 | https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate |