Ransomware: Growing Number of Attackers Using Virtual Machines
Tags
country: Russia
attack-pattern: Software - T1592.002
Show in Graph
Common Information
Type Value
UUID fe55ae73-c7a2-48f5-805e-3e6d1eee2c9e
Fingerprint b713019921a78667
Analysis status DONE
Considered CTI value 2
Text language
Published June 23, 2021, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Ransomware: Growing Number of Attackers Using Virtual Machines
Title Ransomware: Growing Number of Attackers Using Virtual Machines
Detected Hints/Tags/Attributes 37/2/16
Source URLs
Redirection Url
Details Source https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines
URL Provider
Details Provider Source level domain
Details security.com symantec-enterprise-blogs.security.com
Attributes
Details Type #Events CTI Value
Details File 1 
fuckyou.msi
Details File 1 
fuck.msi
Details File 1 
aa51978f.msi
Details File 1 
s3c.msi
Details File 6 
runner.exe
Details File 82 
taskkill.exe
Details File 118 
sc.exe
Details File 1 
starter.bat
Details File 1 
virtualbox.xml
Details File 2 
micro.xml
Details File 95 
wevtutil.exe
Details sha256 1 
2eae8e1c2e59527b8b4bb454a51b65f0ea1b0b7476e1c80b385f579328752836
Details sha256 1 
9f801a8d6b4801b8f120be9e5a157b0d1fc3bbf6ba11a7d202a9060e60b707d8
Details sha256 1 
e5291bae18b0fa3239503ab676cacb12f58a69eb2ec1fd3d0c0702b5a29246cb
Details sha256 1 
d89bd47fb457908e8d65f705f091372251bae3603f5ff59afb2436abfcf976d8
Details sha256 1 
8f247e4149742532b8a0258afd31466f968af7b5ac01fdb7960ac8c0643d2499