urlscan Public Scan of otx.alienvault.com (99.84.88.117)

URL: https://otx.alienvault.com/pulse/64e378cb25cd6eeab226ccb3
Submission: On August 21 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


CUBA RANSOMWARE DEPLOYS NEW TOOLS: TARGETS CRITICAL INFRASTRUCTURE SECTOR IN THE
U.S. AND IT INTEGRATOR IN LATIN AMERICA

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

Researchers have discovered and documented new tools used by the Cuba ransomware
threat group. Cuba ransomware is currently in the fourth year of its operation
and shows no sign of slowing down. In the first half of 2023 alone, the
operators behind Cuba ransomware were the perpetrators of several high-profile
attacks across disparate industries.

Reference:
https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america
Tags:
primary article, cybersecurity, cuba, cuba ransomware, bughatch, dlls, united,
ttps, cuban, republic, profero, russianspeaking, cobalt strike, metasploit,
powershell, colddraw, fidel
Adversary:
Cuba
Industry:
Critical Infrastructure
Targeted Countries:
Cuba, United States of America, Mexico, Guatemala, Panama, Colombia, Ecuador,
Chile
Malware Families:
COLDDRAW, Fidel, BUGHATCH, Cobalt Strike, Cuba
ATT&CK IDs:
 * T1016 - System Network Configuration Discovery
 * T1018 - Remote System Discovery
 * T1036 - Masquerading
 * T1057 - Process Discovery
 * T1059 - Command and Scripting Interpreter
 * T1068 - Exploitation for Privilege Escalation
 * T1071 - Application Layer Protocol
 * T1078 - Valid Accounts
 * T1083 - File and Directory Discovery
 * T1090 - Proxy
 * T1105 - Ingress Tool Transfer
 * T1106 - Native API
 * T1124 - System Time Discovery
 * T1133 - External Remote Services
 * T1135 - Network Share Discovery
 * T1140 - Deobfuscate/Decode Files or Information
 * T1204 - User Execution
 * T1211 - Exploitation for Defense Evasion
 * T1212 - Exploitation for Credential Access
 * T1218 - Signed Binary Proxy Execution
 * T1219 - Remote Access Software
 * T1543 - Create or Modify System Process
 * T1548 - Abuse Elevation Control Mechanism
 * T1562 - Impair Defenses
 * T1569 - System Services
 * T1570 - Lateral Tool Transfer
 * T1027 - Obfuscated Files or Information
 * T1021 - Remote Services
 * T1110 - Brute Force
 * T1574 - Hijack Execution Flow
 * T1497 - Virtualization/Sandbox Evasion
 * T1095 - Non-Application Layer Protocol
 * T1553 - Subvert Trust Controls
 * T1566 - Phishing

 * Indicators of Compromise (21)
 * Related Pulses (54)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS
CVE (2), FileHash-SHA256 (9), FileHash-MD5 (5), FileHash-SHA1 (5)




 * © Copyright 2023 AlienVault, Inc.