Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth
Common Information
Type Value
UUID 06536f86-5e82-498e-a559-52821181ffec
Fingerprint 75d35e506e4cb5fe82a8d78cb06e337765605f6752323525748d30e3c46dc7a7
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 18, 2019, 4:07 p.m.
Added to db April 18, 2024, 10:44 a.m.
Last updated Aug. 31, 2024, 1:14 a.m.
Headline Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth
Title Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth
Detected Hints/Tags/Attributes 122/2/69
Attributes
Details Type #Events CTI Value
Details File 1
anticrab.zip
Details File 1
anticrab32.zip
Details File 1
anticrabwithoutpersistenceandremovewallpaper32.zip
Details File 1
gandcrabsucksvaccine.zip
Details File 1
gandatom.zip
Details File 1
security_ehavandesandt.pdf
Details Github username 2
sourceincite
Details Github username 3
unamer
Details MITRE ATT&CK Techniques 12
T1099
Details Windows Registry Key 3
HKEY_CURRENT_USER\Keyboard
Details CVE 19
cve-2018-8440
Details CVE 32
cve-2018-8120
Details Email 1
john_fokker}@mcafee.com
Details File 119
smss.exe
Details File 11
krab-decrypt.txt
Details File 2125
cmd.exe
Details File 240
wmic.exe
Details File 4
pidor.bmp
Details File 21
dtic.mil
Details File 2
a586960.pdf
Details File 1
new_year_2019.htm
Details File 1
156.html
Details File 1
8120.html