OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
AI Analysis
Technical Summary
The Egregor ransomware-as-a-service (RaaS) operation has been identified as continuing its disruptive activities by leveraging tools such as Cobalt Strike and Rclone. Egregor is a ransomware strain known for encrypting victim data and demanding ransom payments, often accompanied by data exfiltration and double extortion tactics. The use of Cobalt Strike, a legitimate penetration testing tool frequently abused by threat actors, indicates that Egregor operators employ advanced post-exploitation frameworks to move laterally within networks, escalate privileges, and deploy payloads stealthily. Rclone, a command-line program to manage files on cloud storage, is utilized by attackers to exfiltrate stolen data efficiently to cloud repositories, facilitating the double extortion strategy where sensitive data is threatened to be leaked if ransom demands are not met. This combination of tools enhances the operational capabilities of the Egregor ransomware group, making their campaigns more sophisticated and harder to detect. The threat is categorized under ransomware, network activity, payload delivery, and external analysis, highlighting its multifaceted attack vectors and the ongoing intelligence gathering around its tactics. Although no specific affected software versions or patches are indicated, the persistent nature of this RaaS and its use of widely available tools underscore the importance of vigilance against such threats. The medium severity rating reflects the significant but not catastrophic impact potential, considering the complexity and reach of the attack methods involved.
Potential Impact
For European organizations, the Egregor ransomware threat poses substantial risks to data confidentiality, integrity, and availability. The use of Cobalt Strike enables attackers to infiltrate networks deeply, potentially compromising critical infrastructure, intellectual property, and sensitive personal data protected under GDPR. The exfiltration of data via Rclone to cloud storage increases the risk of data breaches and subsequent regulatory penalties. Disruption caused by ransomware encryption can halt business operations, leading to financial losses and reputational damage. The double extortion tactic intensifies pressure on organizations to comply with ransom demands, as leaked data can cause further harm. Sectors such as finance, manufacturing, healthcare, and government agencies in Europe are particularly vulnerable due to their reliance on complex IT environments and the value of their data. The threat also complicates incident response efforts, as attackers may maintain persistence and use legitimate tools to evade detection, increasing recovery times and costs.
Mitigation Recommendations
European organizations should implement a layered defense strategy tailored to counter the specific tactics used by Egregor operators. This includes deploying advanced endpoint detection and response (EDR) solutions capable of identifying Cobalt Strike behaviors such as beaconing and lateral movement. Network segmentation should be enforced to limit attacker mobility. Monitoring for unusual use of tools like Rclone, especially outbound data transfers to cloud services, can help detect exfiltration attempts. Regularly updating and patching all systems, even if no direct patch for Egregor exists, reduces the attack surface. Implementing strict access controls and multi-factor authentication (MFA) minimizes privilege escalation risks. Conducting frequent backups with offline or immutable storage ensures data recovery without paying ransom. Employee training on phishing and social engineering attacks, common initial vectors for ransomware, is essential. Finally, establishing and rehearsing incident response plans that include coordination with law enforcement and cybersecurity authorities will improve resilience against such threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Poland
Indicators of Compromise
- ip: 45.153.242.129
- ip: 217.8.117.148
- ip: 45.11.19.70
- file: 49.12.104.241
- hash: 81
- ip: 185.238.0.233
- hash: 8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9
- hash: 3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f
- hash: 2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf
- hash: 444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459
- hash: c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1
- hash: 004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a
- hash: 608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9
- hash: 3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63
- hash: 4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97
- hash: 9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44
- hash: ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541
- hash: 765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab
- hash: 14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4
- hash: 3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55
- hash: f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c
- hash: a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436
- hash: 3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07
- hash: 6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780
- hash: 932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e
- url: http://185.238.0.233/p.dll
- url: http://185.238.0.233/b.dll
- url: http://185.238.0.233/sed.dll
- url: http://185.238.0.233/hnt.dll
- url: http://185.238.0.233/88/k057.exe
- url: http://185.238.0.233/newsvc.zip
- url: http://egregoranrmzapcv.onion
- url: https://egregornews.com/
- url: http://egregor4u5ipdzhv.onion/
- link: https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/
- hash: 6f600974c45eec97016c1259e769a4ef
- hash: 56eed20ea731d28d621723130518ac00bf50170d
- hash: 9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44
- datetime: 2020-12-10T13:44:49+00:00
- link: https://www.virustotal.com/gui/file/9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44/detection/f-9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44-1607607889
- text: 59/70
- hash: 666f8d920f85f9afffcf0865a98efe69
- hash: 50c3b800294f7ee4bde577d99f2118fc1c4ba3b9
- hash: a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436
- datetime: 2021-01-01T01:23:15+00:00
- link: https://www.virustotal.com/gui/file/a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436/detection/f-a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436-1609464195
- text: 54/70
- hash: 44a7085f729b68073b5c67bbc66829cc
- hash: 3c03a1c61932bec2b276600ea52bd2803285ec62
- hash: 8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9
- datetime: 2020-12-16T04:36:39+00:00
- link: https://www.virustotal.com/gui/file/8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9/detection/f-8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9-1608093399
- text: 54/69
- hash: 0de24cec66ef9d1042be7cf12b87cfc4
- hash: f7bf7cea89c6205d78fa42d735d81c1e5c183041
- hash: 765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab
- datetime: 2020-12-30T16:37:33+00:00
- link: https://www.virustotal.com/gui/file/765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab/detection/f-765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab-1609346253
- text: 55/70
- hash: de3110dce011088cd4add1950a49182f
- hash: c9da06e3dbf406aec50bc145cba1a50b26db853a
- hash: 608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9
- datetime: 2020-12-21T17:59:21+00:00
- link: https://www.virustotal.com/gui/file/608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9/detection/f-608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9-1608573561
- text: 0/59
- hash: 8ba3a9d73903bd252f8d99a682d60858
- hash: 95aea6b24ed28c6ad13ec8d7a6f62652b039765e
- hash: 444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459
- datetime: 2020-12-18T09:52:23+00:00
- link: https://www.virustotal.com/gui/file/444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459/detection/f-444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459-1608285143
- text: 14/60
- hash: 81bc3a2409991325c6e71a06f6b7b881
- hash: 38c88de0ece0451b0665f3616c02c2bad77a92a2
- hash: 2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf
- datetime: 2020-12-08T20:04:16+00:00
- link: https://www.virustotal.com/gui/file/2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf/detection/f-2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf-1607457856
- text: 60/68
- hash: 65c320bc5258d8fa86aa9ffd876291d3
- hash: f0215aac7be36a5fedeea51d34d8f8da2e98bf1b
- hash: 3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f
- datetime: 2020-12-30T20:10:05+00:00
- link: https://www.virustotal.com/gui/file/3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f/detection/f-3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f-1609359005
- text: 58/69
- hash: ac33fea4c2a9bbca3559142838441f84
- hash: 948ef8caef5c1254be551cab8a64c687ea0faf84
- hash: 932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e
- datetime: 2020-12-14T11:31:47+00:00
- link: https://www.virustotal.com/gui/file/932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e/detection/f-932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e-1607945507
- text: 57/69
- hash: dd8e8bfb45fcd5f0621fe7085bfcab94
- hash: 5c99dc80ca69ce0f2d9b4f790ec1b57dba7153c9
- hash: 3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07
- datetime: 2020-12-08T20:09:40+00:00
- link: https://www.virustotal.com/gui/file/3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07/detection/f-3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07-1607458180
- text: 55/70
- hash: 427105821263afeeccca05b43ea8dac4
- hash: fa33fd577f5eb4813bc69dce891361871cda860c
- hash: ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541
- datetime: 2020-12-11T02:01:31+00:00
- link: https://www.virustotal.com/gui/file/ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541/detection/f-ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541-1607652091
- text: 56/69
- hash: d1aa0f26f557addd45e0d9fa4afecf15
- hash: f1603f1ddf52391b16ee9e73e68f5dd405ab06b0
- hash: 14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4
- datetime: 2020-12-10T13:38:09+00:00
- link: https://www.virustotal.com/gui/file/14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4/detection/f-14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4-1607607489
- text: 57/70
- hash: a922987d1488e2dede7e39a99faf98bb
- hash: beb48c2a7ff957d467d9199c954b89f8411d3ca8
- hash: 6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780
- datetime: 2020-12-08T20:11:25+00:00
- link: https://www.virustotal.com/gui/file/6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780/detection/f-6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780-1607458285
- text: 57/67
- hash: 5f9fcbdf7ad86583eb2bbcaa5741d88a
- hash: 03cdec4a0a63a016d0767650cdaf1d4d24669795
- hash: 004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a
- datetime: 2020-12-11T07:11:00+00:00
- link: https://www.virustotal.com/gui/file/004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a/detection/f-004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a-1607670660
- text: 58/68
- hash: 9b7ccaa2ae6a5b96e3110ebcbc4311f6
- hash: 3cc616d959eb2fe59642102f0565c0e55ee67dbc
- hash: c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1
- datetime: 2020-12-08T20:00:16+00:00
- link: https://www.virustotal.com/gui/file/c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1/detection/f-c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1-1607457616
- text: 59/70
- hash: 1d6aa29e98d3f54b8c891929c34eb426
- hash: ceca1a691c736632b3e98f2ed5b028d33c0f3c64
- hash: 3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63
- datetime: 2020-12-10T13:40:24+00:00
- link: https://www.virustotal.com/gui/file/3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63/detection/f-3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63-1607607624
- text: 55/70
- hash: c3c7a97da396085eb48953e638c3c9c6
- hash: 8768cf56e12a81d838e270dca9b82d30c35d026e
- hash: 3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55
- datetime: 2021-01-04T14:00:43+00:00
- link: https://www.virustotal.com/gui/file/3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55/detection/f-3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55-1609768843
- text: 58/70
- hash: c96df334b5ed70473ec6a58a545208b6
- hash: f6ad7b0a1d93b7a70e286b87f423119daa4ea4df
- hash: 4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97
- datetime: 2020-12-26T00:01:37+00:00
- link: https://www.virustotal.com/gui/file/4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97/detection/f-4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97-1608940897
- text: 54/69
- hash: 7375083934dd17f0532da3bd6770ab25
- hash: ac6d919b313bbb18624d26745121fca3e4ae0fd3
- hash: f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c
- datetime: 2020-12-29T02:03:45+00:00
- link: https://www.virustotal.com/gui/file/f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c/detection/f-f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c-1609207425
- text: 25/60
- text: RSA
- text: pWEzuKkw9nY82VRKYfrw4f4wvrnfnKEApQ5JTkf/YQPzxJtJmwKUjXV759aYQnPIZdGN1RUckdpMZWiYGmsWFYzkNJZpsPihvk9c14zLJDJdmpitYvoy22JFox9iBHqhFAjDC37kzpVH6bafVABdUgUdr0r2EzK+ysJBiR0Ge28ToH94wJTXwBC7hi3G42vk4KmLncPm55NUuz9ZzQ+xqovtN/RyDNL8MDbW4lHWe9Lmi5qlNN/ckIgwDh+sI1rO/T+DmS1Uoo62QWeYTgmlRaCp91AfeC7mNFkXvXUVMs3GlqpIrgbMLPBbBi04sra/pmXp9oteZK4b1fAWKgDZ2B0f11AiX9SFIpJn8odT+Z0tVL2H8IKvANB1507SGq3S2JR3a6SLGODy3yjm3vwfnyaVqL1gNNudkDc5dLVx0tavBj2h5v1PMDCFYpuSZ56qYY1VeQfA56bsPKI2J102ztOktaFmU9jI3G3oxBCV9j1JKOJhltPRjyXAmg9o3sqB5VCxPzmMIL+bxJnEelHdBzVdRpY4pPyEPmdrn2mQ5sXwIA1RfdvF9JruxQF/0yl2WKqK0CE4pKazQWdrYdQaLTPCdMxZv7JKO8Dy5vyHBW08+UTJEuEiQa6Q/1qVkGipUPgK4Wpg3iP6xas9SaV1ovy1o2yC0beVhD+Ean6/5/lfIiG1w/ouzyq0Vprhfmr59ftnduimCDgAPi9mv2Fzg1BcGYt5P0qE7Ya0ycGFyvNvS2eoiA5mjvN67R6jeJ8JF0fPnz7O2QMldjZj0uVfAoMHlgaRP74vOKfOzFHCiPhyXwe8V9Wd3xjctlG4PCVMuUvYn7BFSW82AMefXIWTeIhHD4UdoAuZ3sHsgsFyyaTdVo1WCEWJtMMN0FOyhF0m1R5ozQPJSyuaOUzrDU1fKD57v3Cf5T860kath1w+CQAeWXdbXSR0mvN45rPgYN24qVvvB6kle5Vr20x0EZJ4viCERcreKcJqOV/0GwZU4BR8jUGQkokgD3UvJQf0Vu4mIv6vLZUtvRvEl3URsZNWh7nnKR5jjq3Tx911IH+UQznFncGD402REUpyADZpv0aRfyMZzZFecaxlo/EMS8lhkeukkZQJiwXJH2SV77olADcOfnaOQEq+YU23kRJf+YOdKW3E9NsqF1MKLTdn5+31ka4OyN7wed9HVyJj+clXkNT/YJkS/E869Hm1MPBQv+25451tiXgGcKo/9L5BFmmy77TxYuZMjuRVIanXWwK8tQ+kz0gEj1BG4I477yrhqN2yaQQ2cZ7QhpNPFlnsereCoI8rNBRBp/VgxKS+AKqkKj9UyghlABrYlRypEsM7FDC44tvDJILfb+9IL70qEe+BdPmIIv4/HWHJSEI7K9MWLah7cX4OGLG2eqT9pSkLISFvyEM+9ylo3WYWx2G0m5s0r7O+jRAOdZ1Joy5eGx7PPRCnVcEv0IyhNnFpz4HsNibUAR664rZ+Os05SDNitn3t8RgtAcvTdNHAbtNGLZZj/7KFIyGb1f37teR9/oty8BFsaHhRNVHx22+u+AFR/HbucnbY+prvzAWY3dpjQIO2O+3HoCuz2MXx5gFIfJ0pIA6V9px/j4LOPGPfN159CRItKeOy3ZLtKByaD+FwHBzYHpIWgCvL2vWo+eRWF66oYNvDhB5yVtDgXx0LU789ypKu/vjuvo7obGEoF3NoxJhmNS4DfVMzsy4YdBRhHrBfF36a8ahFSBApu9cd0RmuT09hKmV7m+EGGCXr+MNvzlFQSMzt5Ce5Mj9w507PN/IDLQz8h6236WGZSH2iM2PGUq/UF1wADoHSjPXRcfPparHHHPTcZZkil4HMWP6Y+gDlN0BKKl9ntqyd8QiiqDqwcJIZZG4Jm6lRIhvpBZ14P+z83zePzjMNhVkNVnU4sfDRaemkxZFPF+hGM/PEvqFuEOsX4LfWxOpwLAf+OLLpe71+6QdKDAcwf6553t0TOPCqGr3B+flGGAhi0pqCeAsB0KzS28MakLBxJQPkR/E+F0tHmwBYCCl0haxZnBZ9rJVApq2rAAENA2gQLPaStc0DzrdkIRY6r789la7OzAUqvcTyX8fq/xfYJpz+zUt4PUcVWxoO1+1g9+BpCAlPgZEkIKSbqoSNtkeIMz65CthNiCsX817p8nqBb4BdpcuCihoL49fK6fn/WUnj3xaTiQuNDnvcW9NARgIzqu2lvsZa+qvDBW99gsaeLb4feNlGqZUk98zht7GvywgFEAEYASCAAigAOg5QAEgAWABGAFMAMgAAAEIiQgAwADIARAAwAEYAMwAyAEEAMQBDADkAMgBFADAAOAAAAEqQAXwAQQA6AFIAXwAwAC8AMAB8AEMAOgBGAF8ANAA0ADMAMAA4AC8ANwA2ADQANAA3AHwARAA6AEMAXwAwAC8AMAB8AEUAOgBGAF8AMQA3ADEANgA0ADQALwAyADAAOQA3ADEANAA5AHwARgA6AEYAXwAyADkANAA5ADQANQAvADIAMAA0ADcAOAA2ADgAfAAAAFIQagBnAHIAYQBuAGoAYQAAAGgDckBXAGkAbgBkAG8AdwBzACAAUwBlAHIAdgBlAHIAIAAyADAAMQAyACAAUgAyACAAUwB0AGEAbgBkAGEAcgBkAAAAehJJAE0AUABSAEkATQBJAFMAAAA=
- text: malware-extraction
OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
Description
OSINT - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
AI-Powered Analysis
Technical Analysis
The Egregor ransomware-as-a-service (RaaS) operation has been identified as continuing its disruptive activities by leveraging tools such as Cobalt Strike and Rclone. Egregor is a ransomware strain known for encrypting victim data and demanding ransom payments, often accompanied by data exfiltration and double extortion tactics. The use of Cobalt Strike, a legitimate penetration testing tool frequently abused by threat actors, indicates that Egregor operators employ advanced post-exploitation frameworks to move laterally within networks, escalate privileges, and deploy payloads stealthily. Rclone, a command-line program to manage files on cloud storage, is utilized by attackers to exfiltrate stolen data efficiently to cloud repositories, facilitating the double extortion strategy where sensitive data is threatened to be leaked if ransom demands are not met. This combination of tools enhances the operational capabilities of the Egregor ransomware group, making their campaigns more sophisticated and harder to detect. The threat is categorized under ransomware, network activity, payload delivery, and external analysis, highlighting its multifaceted attack vectors and the ongoing intelligence gathering around its tactics. Although no specific affected software versions or patches are indicated, the persistent nature of this RaaS and its use of widely available tools underscore the importance of vigilance against such threats. The medium severity rating reflects the significant but not catastrophic impact potential, considering the complexity and reach of the attack methods involved.
Potential Impact
For European organizations, the Egregor ransomware threat poses substantial risks to data confidentiality, integrity, and availability. The use of Cobalt Strike enables attackers to infiltrate networks deeply, potentially compromising critical infrastructure, intellectual property, and sensitive personal data protected under GDPR. The exfiltration of data via Rclone to cloud storage increases the risk of data breaches and subsequent regulatory penalties. Disruption caused by ransomware encryption can halt business operations, leading to financial losses and reputational damage. The double extortion tactic intensifies pressure on organizations to comply with ransom demands, as leaked data can cause further harm. Sectors such as finance, manufacturing, healthcare, and government agencies in Europe are particularly vulnerable due to their reliance on complex IT environments and the value of their data. The threat also complicates incident response efforts, as attackers may maintain persistence and use legitimate tools to evade detection, increasing recovery times and costs.
Mitigation Recommendations
European organizations should implement a layered defense strategy tailored to counter the specific tactics used by Egregor operators. This includes deploying advanced endpoint detection and response (EDR) solutions capable of identifying Cobalt Strike behaviors such as beaconing and lateral movement. Network segmentation should be enforced to limit attacker mobility. Monitoring for unusual use of tools like Rclone, especially outbound data transfers to cloud services, can help detect exfiltration attempts. Regularly updating and patching all systems, even if no direct patch for Egregor exists, reduces the attack surface. Implementing strict access controls and multi-factor authentication (MFA) minimizes privilege escalation risks. Conducting frequent backups with offline or immutable storage ensures data recovery without paying ransom. Employee training on phishing and social engineering attacks, common initial vectors for ransomware, is essential. Finally, establishing and rehearsing incident response plans that include coordination with law enforcement and cybersecurity authorities will improve resilience against such threats.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Uuid
- f42c106c-df01-47f3-bc36-16072ad63856
- Original Timestamp
- 1609779788
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip45.153.242.129 | — | |
ip217.8.117.148 | — | |
ip45.11.19.70 | — | |
ip185.238.0.233 | — |
File
| Value | Description | Copy |
|---|---|---|
file49.12.104.241 | On port 81 |
Hash
| Value | Description | Copy |
|---|---|---|
hash81 | On port 81 | |
hash8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9 | — | |
hash3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f | — | |
hash2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf | — | |
hash444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459 | — | |
hashc3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1 | — | |
hash004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a | — | |
hash608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9 | — | |
hash3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63 | — | |
hash4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97 | — | |
hash9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44 | — | |
hashee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541 | — | |
hash765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab | — | |
hash14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4 | — | |
hash3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55 | — | |
hashf0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c | — | |
hasha9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436 | — | |
hash3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07 | — | |
hash6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780 | — | |
hash932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e | — | |
hash6f600974c45eec97016c1259e769a4ef | — | |
hash56eed20ea731d28d621723130518ac00bf50170d | — | |
hash9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44 | — | |
hash666f8d920f85f9afffcf0865a98efe69 | — | |
hash50c3b800294f7ee4bde577d99f2118fc1c4ba3b9 | — | |
hasha9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436 | — | |
hash44a7085f729b68073b5c67bbc66829cc | — | |
hash3c03a1c61932bec2b276600ea52bd2803285ec62 | — | |
hash8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9 | — | |
hash0de24cec66ef9d1042be7cf12b87cfc4 | — | |
hashf7bf7cea89c6205d78fa42d735d81c1e5c183041 | — | |
hash765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab | — | |
hashde3110dce011088cd4add1950a49182f | — | |
hashc9da06e3dbf406aec50bc145cba1a50b26db853a | — | |
hash608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9 | — | |
hash8ba3a9d73903bd252f8d99a682d60858 | — | |
hash95aea6b24ed28c6ad13ec8d7a6f62652b039765e | — | |
hash444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459 | — | |
hash81bc3a2409991325c6e71a06f6b7b881 | — | |
hash38c88de0ece0451b0665f3616c02c2bad77a92a2 | — | |
hash2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf | — | |
hash65c320bc5258d8fa86aa9ffd876291d3 | — | |
hashf0215aac7be36a5fedeea51d34d8f8da2e98bf1b | — | |
hash3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f | — | |
hashac33fea4c2a9bbca3559142838441f84 | — | |
hash948ef8caef5c1254be551cab8a64c687ea0faf84 | — | |
hash932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e | — | |
hashdd8e8bfb45fcd5f0621fe7085bfcab94 | — | |
hash5c99dc80ca69ce0f2d9b4f790ec1b57dba7153c9 | — | |
hash3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07 | — | |
hash427105821263afeeccca05b43ea8dac4 | — | |
hashfa33fd577f5eb4813bc69dce891361871cda860c | — | |
hashee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541 | — | |
hashd1aa0f26f557addd45e0d9fa4afecf15 | — | |
hashf1603f1ddf52391b16ee9e73e68f5dd405ab06b0 | — | |
hash14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4 | — | |
hasha922987d1488e2dede7e39a99faf98bb | — | |
hashbeb48c2a7ff957d467d9199c954b89f8411d3ca8 | — | |
hash6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780 | — | |
hash5f9fcbdf7ad86583eb2bbcaa5741d88a | — | |
hash03cdec4a0a63a016d0767650cdaf1d4d24669795 | — | |
hash004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a | — | |
hash9b7ccaa2ae6a5b96e3110ebcbc4311f6 | — | |
hash3cc616d959eb2fe59642102f0565c0e55ee67dbc | — | |
hashc3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1 | — | |
hash1d6aa29e98d3f54b8c891929c34eb426 | — | |
hashceca1a691c736632b3e98f2ed5b028d33c0f3c64 | — | |
hash3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63 | — | |
hashc3c7a97da396085eb48953e638c3c9c6 | — | |
hash8768cf56e12a81d838e270dca9b82d30c35d026e | — | |
hash3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55 | — | |
hashc96df334b5ed70473ec6a58a545208b6 | — | |
hashf6ad7b0a1d93b7a70e286b87f423119daa4ea4df | — | |
hash4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97 | — | |
hash7375083934dd17f0532da3bd6770ab25 | — | |
hashac6d919b313bbb18624d26745121fca3e4ae0fd3 | — | |
hashf0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c | — |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://185.238.0.233/p.dll | — | |
urlhttp://185.238.0.233/b.dll | — | |
urlhttp://185.238.0.233/sed.dll | — | |
urlhttp://185.238.0.233/hnt.dll | — | |
urlhttp://185.238.0.233/88/k057.exe | — | |
urlhttp://185.238.0.233/newsvc.zip | — | |
urlhttp://egregoranrmzapcv.onion | — | |
urlhttps://egregornews.com/ | — | |
urlhttp://egregor4u5ipdzhv.onion/ | Payment Portal |
Link
| Value | Description | Copy |
|---|---|---|
linkhttps://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/ | — | |
linkhttps://www.virustotal.com/gui/file/9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44/detection/f-9017c070ad6ac9ac52e361286b3ff24a315f721f488b53b7aaf6ac35de477f44-1607607889 | — | |
linkhttps://www.virustotal.com/gui/file/a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436/detection/f-a9d483c0f021b72a94324562068d8164f8cce0aa8f779faea304669390775436-1609464195 | — | |
linkhttps://www.virustotal.com/gui/file/8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9/detection/f-8483aaf9e1fa5b46486c9f2a14c688c30d2006e88de65d0295a57892de0bf4c9-1608093399 | — | |
linkhttps://www.virustotal.com/gui/file/765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab/detection/f-765327e1dc0888c69c92203d90037c5154db9787f54d3fc8f1097830be8c76ab-1609346253 | — | |
linkhttps://www.virustotal.com/gui/file/608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9/detection/f-608b5bf065f25cd1c6ac145e3bcdf0b1b6dc742a08e59ec0ce136fe5142774e9-1608573561 | — | |
linkhttps://www.virustotal.com/gui/file/444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459/detection/f-444a6897058fd4965770167b15a2ab13e6fd559a3e6f6cf5565d4d3282587459-1608285143 | — | |
linkhttps://www.virustotal.com/gui/file/2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf/detection/f-2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf-1607457856 | — | |
linkhttps://www.virustotal.com/gui/file/3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f/detection/f-3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f-1609359005 | — | |
linkhttps://www.virustotal.com/gui/file/932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e/detection/f-932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e-1607945507 | — | |
linkhttps://www.virustotal.com/gui/file/3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07/detection/f-3aad14d200887119f316be71d71aec11735dd3698a4fcaa50902fce71bdccb07-1607458180 | — | |
linkhttps://www.virustotal.com/gui/file/ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541/detection/f-ee06c557f1acd5c4948b1df0413e49f3885f8ac96185a9d986b91a1231444541-1607652091 | — | |
linkhttps://www.virustotal.com/gui/file/14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4/detection/f-14e547bebaa738b8605ba4182c4379317d121e268f846c0ed3da171375e65fe4-1607607489 | — | |
linkhttps://www.virustotal.com/gui/file/6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780/detection/f-6ad7b3e0873c9ff122c32006fdc3675706a03c4778287085a020d839b74cd780-1607458285 | — | |
linkhttps://www.virustotal.com/gui/file/004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a/detection/f-004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a-1607670660 | — | |
linkhttps://www.virustotal.com/gui/file/c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1/detection/f-c3c50adcc0a5cd2b39677f17fb5f2efca52cc4e47ccd2cdbbf38815d426be9e1-1607457616 | — | |
linkhttps://www.virustotal.com/gui/file/3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63/detection/f-3e5a6834cf6192a987ca9b0b4c8cb9202660e399ebe387af8c7407b12ae2da63-1607607624 | — | |
linkhttps://www.virustotal.com/gui/file/3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55/detection/f-3fc382ae51ceca3ad6ef5880cdd2d89ef508f368911d3cd41c71a54453004c55-1609768843 | — | |
linkhttps://www.virustotal.com/gui/file/4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97/detection/f-4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97-1608940897 | — | |
linkhttps://www.virustotal.com/gui/file/f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c/detection/f-f0adfd3f89c9268953f93bfdfefb84432532a1e30542fee7bddda14dcb69a76c-1609207425 | — |
Datetime
| Value | Description | Copy |
|---|---|---|
datetime2020-12-10T13:44:49+00:00 | — | |
datetime2021-01-01T01:23:15+00:00 | — | |
datetime2020-12-16T04:36:39+00:00 | — | |
datetime2020-12-30T16:37:33+00:00 | — | |
datetime2020-12-21T17:59:21+00:00 | — | |
datetime2020-12-18T09:52:23+00:00 | — | |
datetime2020-12-08T20:04:16+00:00 | — | |
datetime2020-12-30T20:10:05+00:00 | — | |
datetime2020-12-14T11:31:47+00:00 | — | |
datetime2020-12-08T20:09:40+00:00 | — | |
datetime2020-12-11T02:01:31+00:00 | — | |
datetime2020-12-10T13:38:09+00:00 | — | |
datetime2020-12-08T20:11:25+00:00 | — | |
datetime2020-12-11T07:11:00+00:00 | — | |
datetime2020-12-08T20:00:16+00:00 | — | |
datetime2020-12-10T13:40:24+00:00 | — | |
datetime2021-01-04T14:00:43+00:00 | — | |
datetime2020-12-26T00:01:37+00:00 | — | |
datetime2020-12-29T02:03:45+00:00 | — |
Text
| Value | Description | Copy |
|---|---|---|
text59/70 | — | |
text54/70 | — | |
text54/69 | — | |
text55/70 | — | |
text0/59 | — | |
text14/60 | — | |
text60/68 | — | |
text58/69 | — | |
text57/69 | — | |
text55/70 | — | |
text56/69 | — | |
text57/70 | — | |
text57/67 | — | |
text58/68 | — | |
text59/70 | — | |
text55/70 | — | |
text58/70 | — | |
text54/69 | — | |
text25/60 | — | |
textRSA | — | |
textpWEzuKkw9nY82VRKYfrw4f4wvrnfnKEApQ5JTkf/YQPzxJtJmwKUjXV759aYQnPIZdGN1RUckdpMZWiYGmsWFYzkNJZpsPihvk9c14zLJDJdmpitYvoy22JFox9iBHqhFAjDC37kzpVH6bafVABdUgUdr0r2EzK+ysJBiR0Ge28ToH94wJTXwBC7hi3G42vk4KmLncPm55NUuz9ZzQ+xqovtN/RyDNL8MDbW4lHWe9Lmi5qlNN/ckIgwDh+sI1rO/T+DmS1Uoo62QWeYTgmlRaCp91AfeC7mNFkXvXUVMs3GlqpIrgbMLPBbBi04sra/pmXp9oteZK4b1fAWKgDZ2B0f11AiX9SFIpJn8odT+Z0tVL2H8IKvANB1507SGq3S2JR3a6SLGODy3yjm3vwfnyaVqL1gNNudkDc5dLVx0tavBj2h5v1PMDCFYpuSZ56qYY1VeQfA56bsPKI2J102ztOktaFmU9jI3G3oxBCV9j1JKOJhltPRjyXAmg9o3sqB5VCxPzmMIL+bxJnEelHdBzVdRpY4pPyEPmdrn2mQ5sXwIA1RfdvF9JruxQF/0yl2WKqK0CE4pKazQWdrYdQaLTPCdMxZv7JKO8Dy5vyHBW08+UTJEuEiQa6Q/1qVkGipUPgK4Wpg3iP6xas9SaV1ovy1o2yC0beVhD+Ean6/5/lfIiG1w/ouzyq0Vprhfmr59ftnduimCDgAPi9mv2Fzg1BcGYt5P0qE7Ya0ycGFyvNvS2eoiA5mjvN67R6jeJ8JF0fPnz7O2QMldjZj0uVfAoMHlgaRP74vOKfOzFHCiPhyXwe8V9Wd3xjctlG4PCVMuUvYn7BFSW82AMefXIWTeIhHD4UdoAuZ3sHsgsFyyaTdVo1WCEWJtMMN0FOyhF0m1R5ozQPJSyuaOUzrDU1fKD57v3Cf5T860kath1w+CQAeWXdbXSR0mvN45rPgYN24qVvvB6kle5Vr20x0EZJ4viCERcreKcJqOV/0GwZU4BR8jUGQkokgD3UvJQf0Vu4mIv6vLZUtvRvEl3URsZNWh7nnKR5jjq3Tx911IH+UQznFncGD402REUpyADZpv0aRfyMZzZFecaxlo/EMS8lhkeukkZQJiwXJH2SV77olADcOfnaOQEq+YU23kRJf+YOdKW3E9NsqF1MKLTdn5+31ka4OyN7wed9HVyJj+clXkNT/YJkS/E869Hm1MPBQv+25451tiXgGcKo/9L5BFmmy77TxYuZMjuRVIanXWwK8tQ+kz0gEj1BG4I477yrhqN2yaQQ2cZ7QhpNPFlnsereCoI8rNBRBp/VgxKS+AKqkKj9UyghlABrYlRypEsM7FDC44tvDJILfb+9IL70qEe+BdPmIIv4/HWHJSEI7K9MWLah7cX4OGLG2eqT9pSkLISFvyEM+9ylo3WYWx2G0m5s0r7O+jRAOdZ1Joy5eGx7PPRCnVcEv0IyhNnFpz4HsNibUAR664rZ+Os05SDNitn3t8RgtAcvTdNHAbtNGLZZj/7KFIyGb1f37teR9/oty8BFsaHhRNVHx22+u+AFR/HbucnbY+prvzAWY3dpjQIO2O+3HoCuz2MXx5gFIfJ0pIA6V9px/j4LOPGPfN159CRItKeOy3ZLtKByaD+FwHBzYHpIWgCvL2vWo+eRWF66oYNvDhB5yVtDgXx0LU789ypKu/vjuvo7obGEoF3NoxJhmNS4DfVMzsy4YdBRhHrBfF36a8ahFSBApu9cd0RmuT09hKmV7m+EGGCXr+MNvzlFQSMzt5Ce5Mj9w507PN/IDLQz8h6236WGZSH2iM2PGUq/UF1wADoHSjPXRcfPparHHHPTcZZkil4HMWP6Y+gDlN0BKKl9ntqyd8QiiqDqwcJIZZG4Jm6lRIhvpBZ14P+z83zePzjMNhVkNVnU4sfDRaemkxZFPF+hGM/PEvqFuEOsX4LfWxOpwLAf+OLLpe71+6QdKDAcwf6553t0TOPCqGr3B+flGGAhi0pqCeAsB0KzS28MakLBxJQPkR/E+F0tHmwBYCCl0haxZnBZ9rJVApq2rAAENA2gQLPaStc0DzrdkIRY6r789la7OzAUqvcTyX8fq/xfYJpz+zUt4PUcVWxoO1+1g9+BpCAlPgZEkIKSbqoSNtkeIMz65CthNiCsX817p8nqBb4BdpcuCihoL49fK6fn/WUnj3xaTiQuNDnvcW9NARgIzqu2lvsZa+qvDBW99gsaeLb4feNlGqZUk98zht7GvywgFEAEYASCAAigAOg5QAEgAWABGAFMAMgAAAEIiQgAwADIARAAwAEYAMwAyAEEAMQBDADkAMgBFADAAOAAAAEqQAXwAQQA6AFIAXwAwAC8AMAB8AEMAOgBGAF8ANAA0ADMAMAA4AC8ANwA2ADQANAA3AHwARAA6AEMAXwAwAC8AMAB8AEUAOgBGAF8AMQA3ADEANgA0ADQALwAyADAAOQA3ADEANAA5AHwARgA6AEYAXwAyADkANAA5ADQANQAvADIAMAA0ADcAOAA2ADgAfAAAAFIQagBnAHIAYQBuAGoAYQAAAGgDckBXAGkAbgBkAG8AdwBzACAAUwBlAHIAdgBlAHIAIAAyADAAMQAyACAAUgAyACAAUwB0AGEAbgBkAGEAcgBkAAAAehJJAE0AUABSAEkATQBJAFMAAAA= | — | |
textmalware-extraction | — |
Threat ID: 68359c9f5d5f0974d01fc07a
Added to database: 5/27/2025, 11:06:07 AM
Last enriched: 7/5/2025, 10:28:07 PM
Last updated: 7/28/2025, 6:04:52 AM
Views: 10
Related Threats
SQLi vuln sites - 2015-08-12 - origin: pastebin.com/23fDLE1G
LowOSINT - From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West
MediumThreatFox IOCs for 2025-07-29
MediumThreatFox IOCs for 2025-07-28
MediumThreatFox IOCs for 2025-07-27
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.