Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-06-12 21:35:46 |
Black Kingdom ransomware (TTPs & IOC) (direct link) |
We would like to share with the community the following TTPs and IOC related to Black Kingdom ransomware and threat actors using it. Attackers gained initial access to the infrastructure via Pulse Secure VPN vulnerability [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510]. For persistence they use a scheduled task [https://attack.mitre.org/techniques/T1053/]. Task name is GoogleUpdateTaskMachineUSA, which resembles a legitimate task of |
Threat
Ransomware
Vulnerability
|
|
|
|
2020-05-20 13:43:15 |
Sodinokibi / REvil / Maze ransomware (TTPs & IOC) (direct link) |
We secured forensics evidence data in the form of disk images of VPS servers used by cybercriminals behind Sodinokibi / REvil ransomware (we also found Maze ransomware there): decryptor.ccdnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion |
Ransomware
Vulnerability
|
|
|