RansomEXX
· Published 21/12/2025 06:02 · Modified 21/12/2025 06:02
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:02
- Modified: 21/12/2025 06:02
- Updated at: 21/12/2025 06:02
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 27 attack patterns (MITRE), 1 malware, 1 sector, 2 countries, 18 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE, 27 MITREs, 1 Malware, 18 Observables, 1 APT
Attack patterns (MITRE) (27)
- T1074.001 Local Data Staging (uses, MITRE)
- T1543.003 Windows Service (uses, MITRE)
- T1078.003 Local Accounts (uses, MITRE)
- T1140 Deobfuscate/Decode Files or Information (uses, MITRE)
- T1082 System Information Discovery (uses, MITRE)
- T1490 Inhibit System Recovery (uses, MITRE)
- T1566.001 Spearphishing Attachment (uses, MITRE)
- T1021.002 SMB/Windows Admin Shares (uses, MITRE)
- T1078 Valid Accounts (uses, MITRE)
- T1041 Exfiltration Over C2 Channel (uses, MITRE)
- T1027 Obfuscated Files or Information (uses, MITRE)
- T1059.003 Windows Command Shell (uses, MITRE)
Malware (1)
- RansomEXX (uses, Family)
Sectors (1)
- Finance (targets)
Countries (2)
- India (targets)
- British Indian Ocean Territory (targets)
Indicators (18)
Vulnerabilities (CVE) (1)
9.8 Critical
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead …
- Attack vector: Network
- Published: 19/08/2024
- Modified: 21/12/2025