The article compiles a large set of file hash indicators tied to Zeppelin ransomware activity as described in the CISA alert AA22-223a, associated with the StopRansomware campaign. It presents these indicators in a purely IOC-focused format without narrative details. #ZeppelinRansomware #StopRansomware #CISA #AA22-223a
Keypoints
- The page centers on a collection of file hash indicators linked to Zeppelin ransomware activity.
- The indicators are associated with the StopRansomware attribution and reference the CISA alert AA22-223a.
- No descriptive victimology, campaign timelines, or operational details are provided in this extract; it is hash-based IOC data.
- File hashes shown are 32-character hexadecimal values, typical of SHA-256 checksums.
- The content emphasizes indicators to aid detection and attribution for Zeppelin ransomware campaigns.
- The source attribution is explicitly cited as CISA alert AA22-223a.
- The list of indicators is extensive, spanning multiple lines of hash values.
MITRE Techniques
- [T1486] Data Encrypted for Impact – Implied by attribution to Zeppelin ransomware, which encrypts victim data for extortion; the article focuses on file-hash IOCs tied to that ransomware. (‘The page centers on a collection of file hash indicators linked to Zeppelin ransomware activity.’)
Indicators of Compromise
- [File hash] Zeppelin/StopRansomware indicators from CISA AA22-223a – 5841ef35aaff08bb03d25e5afe3856a2, fba7180ad49d6a7f3c60c890e2784704, and 2 more hashes
Read more: https://www.cisa.gov/uscert/ncas/alerts/aa22-223a