Inside Chimera Ransomware - the first 'doxingware' in wild | Malwarebytes Labs
Common Information
Type Value
UUID 1b60c087-add5-449f-97b6-793cc1525bc3
Fingerprint ad0118fb28ed0e53
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 9, 2015, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline Inside Chimera Ransomware - the first 'doxingware' in wild
Title Inside Chimera Ransomware - the first 'doxingware' in wild | Malwarebytes Labs
Detected Hints/Tags/Attributes 52/2/28
Attributes
Type #Events CTI Value
Domain 219 gist.github.com
Domain 1 stub.pe
Domain 1 stub.nr
Domain 36 malwr.com
Domain 6 bot.whatismyipaddress.com
Domain 1 www.techwalls.com
File 18 stub.exe
File 21 loader.dll
File 19 core.dll
File 7 square.bmp
File 3 stub.cs
File 1 polarsslwrapper.dll
Github username 35 hasherezade
md5 1 8956cf38e5b6941921a3a2788f50a871
md5 1 e6922a68fca90016584ac48fc7722ef8
md5 4 60fabd1a2509b59831876d5e2aa71a6b
md5 1 8df3534fe1ae95fc8c22cb85aed15336
md5 1 0a27affc77bd786beff69aa1f502d694
IPv4 619 0.0.0.0
IPv4 2 95.165.168.168
IPv4 1 79.218.142.200
Pdb 1 c:\projects\ransom\bin\release\loader.pdb
Pdb 1 c:\projects\ransom\bin\release\core.pdb
Url 1 https://gist.github.com/hasherezade/5b742b46df4f79fdb784
Url 1 https://malwr.com/analysis/zjc0mdg0zmrlmjhkngyxztlmzwi1nzixmtlhymeyodu
Url 1 https://gist.github.com/hasherezade/ceef1c2fed2c70f37d6e
Url 1 http://www.techwalls.com/chimera-ransomware-now-even-harder-decrypt
Url 1 http://www.bleepingcomputer.com/news/security/chimera-ransomware-uses-a-peer-to-peer-decryption-service