PlutoCrypt - A CryptoJoker Ransomware Variant
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 2780cafa-fa0a-4d92-b216-de6b5036b3ef |
| Fingerprint | 8402ad7b0526ab04 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 14, 2023, midnight |
| Added to db | Aug. 30, 2024, 11:13 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | PlutoCrypt - A CryptoJoker Ransomware Variant |
| Title | PlutoCrypt - A CryptoJoker Ransomware Variant |
| Detected Hints/Tags/Attributes | 68/3/48 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://0xtoxin.github.io/threat%20breakdown/PlutoCrypt-DeepDive/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 7 | ✔ | Toxin Labs | https://0xtoxin.github.io/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 34 | xxx.xxx |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | hostdone.ddns.net |
|
| Details | Domain | 73 | schemas.microsoft.com |
|
| Details | Domain | 1 | rufus.com |
|
| Details | Domain | 1 | pluton.pw |
|
| Details | Domain | 1 | deni.tk |
|
| Details | 6 | xxx@xxx.xxx |
||
| Details | 1 | sifre@pluton.pw |
||
| Details | File | 1 | x1.xml |
|
| Details | File | 1 | 'x.xml |
|
| Details | File | 5 | task.xml |
|
| Details | File | 1 | 'task.xml |
|
| Details | File | 1 | 'iotlog.pdf |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 1 | iotlog.pdf |
|
| Details | File | 1 | c:\windows \system32' copy c:\windows\system32\taskmgr.exe |
|
| Details | File | 1 | c:\windows \system32\taskmgr.exe |
|
| Details | File | 1 | 'uxtheme.dll |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 29 | uxtheme.dll |
|
| Details | File | 7 | x.xml |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | %appdata%\listpr.txt |
|
| Details | File | 1 | listpr.txt |
|
| Details | File | 1 | aapr.txt |
|
| Details | File | 1 | listd.txt |
|
| Details | File | 1 | holo.txt |
|
| Details | File | 8 | pl.exe |
|
| Details | File | 1 | enc.xml |
|
| Details | File | 1 | %appdata%\pl.exe |
|
| Details | File | 1 | iot-10-04-2023logs.rar |
|
| Details | sha256 | 1 | 9026c67b52f9ddece9a7e203978e8aa9ffa5a128cf83a238c924dce141899aec |
|
| Details | sha256 | 1 | b05328077aa1dd5dba4d8e25cb028dc4f533bd1dd69bc6d12ec2f8298598f803 |
|
| Details | sha256 | 1 | 6cbed31fdf5554ead21de9ccdd12ccc6d9f0b4eaf5f874ce96103ab01f522073 |
|
| Details | sha256 | 1 | 8279282e07e2fa82cad4f0cb0b450e77dab930a7db7c9488f663002753d79dde |
|
| Details | sha256 | 1 | df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd |
|
| Details | sha256 | 1 | 20cf29f926a18b44f580137ddb65d81bc0ed419412910a7682ee7b95b186ac82 |
|
| Details | sha256 | 1 | e8527f309846d18fbf85289283dcde7b19063a50b11263ba0d36663df8fcfd30 |
|
| Details | IPv4 | 1 | 199.192.20.58 |
|
| Details | Url | 1 | http://hostdone.ddns.net/x1.xml |
|
| Details | Url | 1 | http://hostdone.ddns.net/task.xml |
|
| Details | Url | 1 | http://hostdone.ddns.net/t.pd |
|
| Details | Url | 19 | http://schemas.microsoft.com/windows/2004/02/mit/task |
|
| Details | Url | 1 | http://hostdone.ddns.net/u.dl |
|
| Details | Url | 1 | http://hostdone.ddns.net/pl.exe |
|
| Details | Url | 1 | http://hostdone.ddns.net/e |