← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Understanding Ransomware Series
WHITE Sodinokibi AlienVault 2019-12-19 Modified: 2019-12-19
4
IOCs
LOW VOLUME
Sodin - also known as Sodinokibi or REvil - is a successful ransomware family which often employs advanced evasion techniques to avoid notice until the right time. It is developed and operated as ransomware-as-a-service (RaaS), meaning that threat actors can pay to make use of the software to run their campaigns.
Sodinokibiransomware
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Ransom:Win32/Sodinokibi
Indicators of Compromise (4)
All FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851 2019-12-19
FileHash-SHA256 e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec 2019-12-19
FileHash-SHA256 0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d 2019-12-19
FileHash-SHA256 139a7d6656feebe539b2cb94b0729602f6218f54fb5b7531b58cfe040f180548 2019-12-19
References (1)
↗ https://hatching.io/blog/ransomware-part2