Trusted Design

Locky Domain Analysis Uncovers Over 130 Related Indicators

概要

The ThreatSTOP Research Team has been monitoring new Indicators of Compromise for Locky ransomware since its debut, and has analyzed hundreds of relevant indicators. During our analysis on these indicators, we noticed four outstanding domains – legitimate-looking domains with the addition of the string “qq” or “ff” at the end of the domain name. These domains sparked a follow up analysis that led to the finding of over 130 indicators. The full analysis can be found here: https://blog.threatstop.com/2016/04/08/locky-ransomware-domains-followup-research/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Locky: New Ransomware Mimics Dridex-Style Distribution (score: 0.67)
Locky Ransomware Cybercriminals introduce New RockLoader Malware (score: 0.67)
Necurs Botnet Returns With Updated Locky Ransomware In Tow (score: 0.63)
2016-06-06 Magnitude EK Sibling Domains (score: 0.63)
Spear-phishing based Locky distribution (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 6.23

Matched TTPs:

T1539 - Steal Web Session Cookie
T1588.001 - Malware

MITREへのリンク →

TA551

Score: 4.13

Matched TTPs:

T1539 - Steal Web Session Cookie

MITREへのリンク →

Medusa Group

Score: 5.30

Matched TTPs:

T1600 - Weaken Encryption
T1608.005 - Link Target

MITREへのリンク →

Lazarus Group

Score: 15.59

Matched TTPs:

T1600 - Weaken Encryption
T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target
T1567.002 - Exfiltration to Cloud Storage
T1546.016 - Installer Packages

MITREへのリンク →

Sandworm Team

Score: 7.64

Matched TTPs:

T1600 - Weaken Encryption
T1098.007 - Additional Local or Domain Groups
T1546.016 - Installer Packages

MITREへのリンク →

LAPSUS$

Score: 3.29

Matched TTPs:

T1600 - Weaken Encryption

MITREへのリンク →

Wizard Spider

Score: 5.38

Matched TTPs:

T1600 - Weaken Encryption
T1588.001 - Malware

MITREへのリンク →

Indrik Spider

Score: 6.12

Matched TTPs:

T1600 - Weaken Encryption
T1546.016 - Installer Packages

MITREへのリンク →

APT28

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Contagious Interview

Score: 7.66

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1021.006 - Windows Remote Management
T1608.005 - Link Target

MITREへのリンク →

APT1

Score: 4.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1053.002 - At

MITREへのリンク →

APT32

Score: 5.63

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

IndigoZebra

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Leviathan

Score: 4.35

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1546.016 - Installer Packages

MITREへのリンク →

Earth Lusca

Score: 6.36

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1546.016 - Installer Packages

MITREへのリンク →

Kimsuky

Score: 8.91

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target
T1053.002 - At

MITREへのリンク →

Dragonfly

Score: 4.35

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1546.016 - Installer Packages

MITREへのリンク →

TA2541

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

LazyScripter

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Transparent Tribe

Score: 4.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1053.002 - At

MITREへのリンク →

ZIRCONIUM

Score: 5.63

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

Mustang Panda

Score: 11.91

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1169 - Sudo
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

FIN7

Score: 5.63

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

Magic Hound

Score: 8.91

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target
T1053.002 - At

MITREへのリンク →

Gamaredon Group

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Winter Vivern

Score: 3.61

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware

MITREへのリンク →

BITTER

Score: 3.61

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware

MITREへのリンク →

UNC3886

Score: 6.23

Matched TTPs:

T1021.006 - Windows Remote Management
T1588.001 - Malware

MITREへのリンク →

Higaisa

Score: 5.94

Matched TTPs:

T1588.001 - Malware
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Turla

Score: 4.85

Matched TTPs:

T1608.005 - Link Target
T1546.016 - Installer Packages

MITREへのリンク →

APT29

Score: 6.55

Matched TTPs:

T1608.005 - Link Target
T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Mustard Tempest

Score: 7.82

Matched TTPs:

T1543.002 - Systemd Service
T1053.002 - At

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.82

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1546.016 - Installer Packages
T1600 - Weaken Encryption
T1567.002 - Exfiltration to Cloud Storage
T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

Mustang Panda

Score: 0.65

Matched TTPs:

T1169 - Sudo
T1098.007 - Additional Local or Domain Groups
T1567.002 - Exfiltration to Cloud Storage
T1608.005 - Link Target

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る