One Article Review

Source: RedTeam PL
ID: 1798882
Publication date: 2020-05-20 13:43:15 (viewed: 2020-07-09 15:05:42)
Title: Sodinokibi / REvil / Maze ransomware (TTPs & IOC)
Text: We secured forensics evidence data in the form of disk images of VPS servers used by cybercriminals behind Sodinokibi / REvil ransomware (we also found Maze ransomware there): decryptor.ccdnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion
Sent: Yes
Tags: Ransomware, Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.