Overview - Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | sha256 | 1 | f6afcefd5ee22f979c466147ba529b95d5fdc36f7168c1d59acf06cb7d200f97 |
|
| Details | sha256 | 1 | f7769f22d32d13539bbaab9365ec026921b0a83e200fb124688df815b1825a44 |
|
| Details | sha256 | 1 | f7d18c48ac9245f8c902cbc650d05f42888293e9fc097f88f2140731f6f106b9 |
|
| Details | IPv4 | 1 | 181.134.9.162 |
|
| Details | IPv4 | 1 | 181.167.35.84 |
|
| Details | IPv4 | 2 | 107.175.75.9 |
|
| Details | IPv4 | 2 | 190.171.153.139 |
|
| Details | Domain | 2 | id.services |
|
| Details | IPv4 | 4 | 50.116.78.109 |
|
| Details | IPv4 | 1 | 201.212.78.182 |
|
| Details | IPv4 | 2 | 203.153.216.182 |
|
| Details | IPv4 | 2 | 211.20.154.102 |
|
| Details | IPv4 | 1 | 212.112.113.235 |
|
| Details | IPv4 | 2 | 220.128.125.18 |
|
| Details | IPv4 | 2 | 37.208.106.146 |
|
| Details | IPv4 | 2 | 37.70.131.107 |
|
| Details | IPv4 | 2 | 190.55.233.156 |
|
| Details | IPv4 | 2 | 181.164.110.7 |
|
| Details | IPv4 | 2 | 181.230.65.232 |
|
| Details | Yara rule | 1 | import "hash"
import "pe"
rule ransomware_blackkingdom {
meta:
description = "Rule to detect Black Kingdom ransomware"
author = "Kaspersky Lab"
copyright = "Kaspersky Lab"
distribution = "DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM"
version = "1.0"
last_modified = "2021-05-02"
hash = "866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc"
hash = "910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db"
condition:
hash.sha256(pe.rich_signature.clear_data) == "0e7d0db29c7247ae97591751d3b6c0728aed0ec1b1f853b25fc84e75ae12b7b8"
} |
|
| Details | IPv4 | 1 | 74.207.230.187 |
|
| Details | IPv4 | 3 | 190.63.7.166 |
|
| Details | IPv4 | 2 | 78.188.170.128 |
|
| Details | IPv4 | 2 | 80.211.32.88 |
|
| Details | IPv4 | 1 | 87.106.231.60 |