
Hive Ransomware

Released: Nov 22, 2022


Severity: Critical

Type: Ransomware


$100 million plus in payouts for Ransomware-as-a-service (RaaS) attacks

The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims, according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

Common Vulnerabilities and Exposures

CVE-2021-31207
CVE-2021-34473
CVE-2021-34523
CVE-2021-42321

Background

Hive ransomware was first observed in June 2021. According to the advisory, it has grown into one of the most prevalent ransomware strains in the ransomware-as-a-service (RaaS) ecosystem. In the RaaS model, developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. Hive ransomware-related attacks have targeted a wide range of industries and critical infrastructure sectors such as government, communications, and information technology, with a high focus on healthcare and public health entities.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


November 17, 2022: CISA released a joint advisory on Hive Ransomware. https://www.cisa.gov/uscert/ncas/alerts/aa22-321a


November 21, 2022: Threat Signal posted at https://www.fortiguard.com/threat-signal-report/4889
FortiGuard Labs is continually monitoring and providing the latest antivirus protections and IPS coverage for any linked vulnerabilities targeted by Hive ransomware.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Decoy VM

  • AV

  • Vulnerability

  • AV (Pre-filter)

  • Behavior Detection

  • IPS

  • Post-execution

DETECT
  • Threat Hunting

  • IOC

  • Outbreak Detection

  • Content Update

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise
IOC Indicator List