NoMoreRansom aka Troldesh Ransomware Delivered by Kelihos
Common Information
| Type | Value |
| --- | --- |
| UUID | 1e2bc181-478f-4841-bfe5-a819d83721b6 |
| Fingerprint | aa06b07bbcefa786 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 30, 2016, 10:14 p.m. |
| Added to db | Jan. 18, 2023, 7:49 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | CyberCrime & Doing Time |
| Title | NoMoreRansom aka Troldesh Ransomware Delivered by Kelihos |
| Detected Hints/Tags/Attributes | 78/3/19 |
Attributes