
Dissecting the Cicada: In the Shadow of the Black Cat (解剖蝉:在黑猫的阴影下.pdf)

Uploaded by: 可***   ID: 991902   2025-12-07   35 pages   6.04 MB

Dissecting the Cicada: In the Shadow of the Black Cat
Mattias Wåhlén, Nicklas Keijser

A Ransomware Incident
- Autumn 2024
- Less than 50 servers
- ESXi ransomware
- Previously unknown threat actor

Forensic Results
Tools and techniques observed:
- Brute-force
- NetSupport
- WinSCP
- Cicada3301
- WinRM and RDP
- ScreenConnect
- Angry IP Scanner
- pypykatz and Mimikatz
Phases of the intrusion they map to:
- Remote Services
- Data Exfiltration
- Ransomware
- Lateral Movement
- Remote Control
- Internal Reconnaissance
- Privilege Escalation

Indicators of Compromise
- 91.92.249.203 - first NetSupport login
- 109.107.173.60 - ScreenConnect C2

The Erosion
The Deja-Vu
The Key
The Checks
The Note - Cicada
The Note - BlackCat
The Encrypted Files
The Parameters
The Resemblances

Similarities
- Written in Rust
- Use ChaCha20 for file encryption
- Almost identical use of esxcli to shut down virtual machines and remove snapshots
- The usage of the ui command
- Decrypting configuration and ransomware with a key provided as a parameter
- Same naming convention on encrypted files
- Same built-in list to terminate processes; Cicada3301 has an updated list of services to terminate
Credits*

Windows binary
- Same command line as BlackCat, especially the use of bcdedit
- Stopping services and processes
- Same exclusion of files and directories
- Similar toolset
- Sharing infrastructure*
*https:/

Is There a Connection?
Timeline Jan 2024 to Sep 2024: Cicada3301 vs. BlackCat/ALPHV ?

From a Cat to a Cicada
The Demise of BlackCat
- Law enforcement takedown, Dec 2023
- Exit scam in Mar 2024
The Infrastructure
The Virtual Machine*
*https://www.sygnia.co/blog/blackcat-ransomware/

There is Likely a Connection!
Timeline Jan 2024 to Sep 2024: Cicada3301 and BlackCat/ALPHV

Who Are Cicada3301?
Ransomware-as-a-Service
Ransomware group            Affiliate
- Develops ransomware       - Does the hacking
- Develops other tools      - Uses toolkit
- Hosts stolen data         - Steals data
- Assists in negotiations   - Determi…
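The "Forensic Results", "Indicators of Compromise", "Similarities" and "Windows binary" slides together describe what a responder would hunt for on ESXi hosts and Windows servers: the two C2 addresses, esxcli/snapshot commands that prepare VMs for encryption, bcdedit use, and the remote-access, exfiltration, scanning and credential-dumping tools. The script below is an added example written for this page, not code from the talk: it runs simple rules over constructed key=value events (the sample lines, host names, user names and file paths are invented for illustration) and groups hits per host, since one tool on one host is noise while several phases on the same host is hands-on-keyboard activity. The rule names and regexes are this example's own; the behaviours they encode are the ones the slides list.

```python
"""Added triage example (not from the talk): match host command lines and
network events against the behaviours and IoCs named on the slides, then
group hits per host. Sample events are constructed, not real telemetry."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators of compromise exactly as listed on the IoC slide.
IOC_IPS = {
    "91.92.249.203": "first NetSupport login",
    "109.107.173.60": "ScreenConnect C2",
}

# Behavioural rules. The behaviours (esxcli VM kill / snapshot removal,
# bcdedit use, remote-access, exfil, recon and credential-dumping tools)
# are the deck's; the rule names and regexes are this example's own.
RULES = [
    ("esxi_vm_kill", re.compile(r"\besxcli\s+vm\s+process\s+kill\b", re.I)),
    ("esxi_snapshot_remove",
     re.compile(r"\bvim-cmd\s+vmsvc/snapshot\.remove|\besxcli\b.*\bsnapshot\b", re.I)),
    ("bcdedit_use", re.compile(r"\bbcdedit(\.exe)?\b", re.I)),
    ("remote_control_tool", re.compile(r"\b(client32|netsupport|screenconnect)\b", re.I)),
    ("exfil_tool", re.compile(r"\bwinscp\b", re.I)),
    ("credential_dumper", re.compile(r"\b(mimikatz|pypykatz)\b", re.I)),
    ("internal_scanner", re.compile(r"\b(ipscan|angry\s*ip\s*scanner)\b", re.I)),
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    detail: str


def parse_event(line):
    """Parse 'key=value' pairs; values containing spaces are double-quoted."""
    return {k: (q if q else u) for k, q, u in _KV.findall(line)}


def triage(lines):
    """Return one Finding per (event, rule) hit, in input order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        host = ev.get("host", "?")
        dst = ev.get("dst")
        if dst in IOC_IPS:
            findings.append(Finding(host, "ioc_ip", f"{dst} ({IOC_IPS[dst]})"))
        # Tool rules run over the command line and over the process name
        # recorded on a network event, so a C2 beacon names its tool too.
        text = " ".join(ev.get(k, "") for k in ("cmd", "proc")).strip()
        for name, rx in RULES:
            if text and rx.search(text):
                findings.append(Finding(host, name, text))
    return findings


def hosts_with_chain(findings, min_rules=2):
    """Hosts that tripped at least `min_rules` distinct rules (sorted)."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f.host].add(f.rule)
    return sorted(h for h, rules in by_host.items() if len(rules) >= min_rules)


# Constructed sample events (syslog-style key=value), not real telemetry.
SAMPLE_EVENTS = [
    'ts=2024-10-01T02:11:05Z host=dc01 src=10.20.0.5 dst=91.92.249.203 dport=443 proc=client32.exe',
    r'ts=2024-10-01T02:15:40Z host=dc01 user=svc_backup cmd="C:\ProgramData\ns\client32.exe"',
    r'ts=2024-10-01T02:30:02Z host=ws07 user=svc_backup cmd="C:\Temp\ipscan.exe"',
    r'ts=2024-10-01T03:02:19Z host=dc01 user=svc_backup cmd="pypykatz lsa minidump C:\Temp\lsass.dmp"',
    'ts=2024-10-01T03:40:55Z host=fs02 src=10.20.0.9 dst=109.107.173.60 dport=443 proc=ScreenConnect.ClientService.exe',
    r'ts=2024-10-01T04:05:13Z host=fs02 user=svc_backup cmd="winscp.exe /script=C:\Temp\up.txt"',
    'ts=2024-10-01T05:10:47Z host=esx01 user=root cmd="esxcli vm process kill --type=force --world-id=2101234"',
    'ts=2024-10-01T05:10:51Z host=esx01 user=root cmd="vim-cmd vmsvc/snapshot.removeall 12"',
    'ts=2024-10-01T05:12:03Z host=fs02 user=svc_backup cmd="bcdedit /set {default} recoveryenabled No"',
    r'ts=2024-10-01T08:00:00Z host=ws11 user=alice cmd="notepad.exe C:\Users\alice\notes.txt"',
    'ts=2024-10-01T08:00:05Z host=ws11 src=10.20.0.31 dst=8.8.8.8 dport=53 proc=svchost.exe',
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.host:6} {f.rule:22} {f.detail}")
    print("hosts with a multi-stage chain:", hosts_with_chain(hits))
```

On the constructed sample, dc01 and fs02 each trip three or more distinct rules (C2 address plus remote-control tool plus credential dumping or exfiltration and bcdedit), which is the pattern the "Forensic Results" slide lays out; esx01 shows only the two ESXi preparation steps, and the workstation traffic to a public resolver produces nothing. Exact bcdedit arguments, tool binary names and paths vary between intrusions, so treat the regexes as a starting point to tune against your own telemetry.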

Summary of the report's main content:
- Cicada3301 ransomware: a new ransomware family with similarities to BlackCat/ALPHV, though it has not been confirmed as a BlackCat rebrand.
- Technical characteristics: written in Rust, uses ChaCha20 encryption, and shares a similar command line and toolset with BlackCat.
- Attack pattern: password guessing via the Brutus botnet, then tools such as NetSupport to move through the network.
- Operating model: suspected Ransomware-as-a-Service (RaaS) with a complex internal structure, including a data leak site and call-center (phone) support.
- Timeline: active from January 2024; the Brutus botnet appears in March; a new version is released in June; the first victims appear in August.
- The team behind it: suspected to be led by a veteran cybercriminal known as AbyssWalker, working with a Rust programmer called "mrjorj".
- Conclusions: combining technical analysis, forensic analysis and OSINT gives a fuller picture of the threat actor; building a timeline helps visualize the activity; launching a new RaaS is not easy; and although there is no conclusive evidence, Cicada3301 is likely connected to BlackCat.