Indicators of Compromise Associated with OnePercent Group Ransomware
Common Information
Type Value
UUID 478967eb-981b-43fb-8957-e27e8b7abe72
Fingerprint 4368226ba955eeac473935d8f0e0a37a35178b72d7e235d179801bf4edf5bad8
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 23, 2021, 2:19 p.m.
Added to db April 14, 2024, 2:13 a.m.
Last updated Aug. 31, 2024, 4:18 a.m.
Headline Indicators of Compromise Associated with OnePercent Group Ransomware
Title Indicators of Compromise Associated with OnePercent Group Ransomware
Detected Hints/Tags/Attributes 64/2/31
Attributes
Details Type #Events CTI Value
Details Url 5
https://www.stopransomware.gov
Details Url 26
https://www.ic3.gov/pifsurvey