Scarab
Tags
| country: | India Turkey |
| attack-pattern: | Data Mmc - T1218.014 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 0f218574-7658-4931-b8c3-f1c77d436468 |
| Fingerprint | 96054b7e25753e03 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 12, 2017, 9:06 a.m. |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Scarab |
| Detected Hints/Tags/Attributes | 145/2/55 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2017/06/scarab-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 119 | yandex.ru |
|
| Details | Domain | 162 | localbitcoins.com |
|
| Details | Domain | 68 | www.coindesk.com |
|
| Details | Domain | 1 | plague.desi |
|
| Details | Domain | 19 | ya.ru |
|
| Details | Domain | 29 | bk.ru |
|
| Details | Domain | 29 | usa.com |
|
| Details | Domain | 99 | india.com |
|
| Details | Domain | 30 | bitmessage.ch |
|
| Details | Domain | 1 | hellokittyy.top |
|
| Details | Domain | 14 | bitmessage.org |
|
| Details | Domain | 7 | asia.com |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 2 | victimsdomain.com |
|
| Details | Domain | 2 | wizrac.com |
|
| Details | Domain | 29 | dr.com |
|
| Details | 1 | qa458@yandex.ru |
||
| Details | 1 | resque@plague.desi |
||
| Details | 3 | help-mails@ya.ru |
||
| Details | 3 | alexous@bk.ru |
||
| Details | 1 | mich78@usa.com |
||
| Details | 1 | michael78@india.com |
||
| Details | 1 | 29xnhyq820v7sfjnbu44yfiznko***.[mich78@usa.com |
||
| Details | 1 | 0aeq3twp9ye2fja1qjhluj=pqiybk***.[mich78@usa.com |
||
| Details | 1 | 2culanew=cptljpvoncg9ewf=bcpk***.[mich78@usa.com |
||
| Details | 1 | bm-2cu7jispwyc8ttpjfw26clfk3v3mrvsbj7@bitmessage.ch |
||
| Details | 1 | decrypt@hellokittyy.top |
||
| Details | 1 | fvvrfbohdiogee4q3moqpxrjgijl7.[decrypt@hellokittyy.top |
||
| Details | 2 | jackie7@asia.com |
||
| Details | 2 | jchan@india.com |
||
| Details | 2 | suupport@protonmail.com |
||
| Details | 2 | copier@victimsdomain.com |
||
| Details | 1 | namefile.pdf.[help@wizrac.com |
||
| Details | 2 | help@wizrac.com |
||
| Details | 1 | cordazius@protonmail.com |
||
| Details | 1 | traher@dr.com |
||
| Details | 1 | mack_traher@india.com |
||
| Details | File | 2 | if_you_want_to_get_all_your_files_back_please_read_this.txt |
|
| Details | File | 43 | wbadmin.exe |
|
| Details | File | 240 | wmic.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 105 | bcdedit.exe |
|
| Details | File | 1 | scarab.exe |
|
| Details | File | 6 | sevnz.exe |
|
| Details | File | 2 | %appdata%\sevnz.exe |
|
| Details | File | 19 | recovery.txt |
|
| Details | File | 7 | this.txt |
|
| Details | File | 1 | manager_agent.exe |
|
| Details | File | 3 | old.exe |
|
| Details | File | 1 | namefile.pdf |
|
| Details | File | 4 | item.dat |
|
| Details | File | 140 | files.txt |
|
| Details | Url | 41 | http://www.coindesk.com/information/how-can-i-buy-bitcoins |
|
| Details | Url | 52 | https://localbitcoins.com/buy_bitcoins |
|
| Details | Windows Registry Key | 480 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |