Sfile, Escal
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Email Account - T1087.003 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 281133ca-0837-4a93-a286-35aec9725d81 |
| Fingerprint | 36775a7e76359921 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 6, 2020, 1:30 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Sfile, Escal |
| Detected Hints/Tags/Attributes | 59/2/56 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.com/2020/02/sfile2-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | filecoder.ac |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 15 | elude.in |
|
| Details | Domain | 11 | files.fm |
|
| Details | Domain | 58 | mailfence.com |
|
| Details | Domain | 89 | protonmail.ch |
|
| Details | Domain | 22 | privatemail.com |
|
| Details | Domain | 24 | ctemplar.com |
|
| Details | Domain | 1 | fmiint.com |
|
| Details | Domain | 2 | mailinfence.com |
|
| Details | Domain | 15 | malware.ai |
|
| Details | Domain | 1 | intcobcrypt.pa |
|
| Details | Domain | 85 | onionmail.org |
|
| Details | 2 | gtimph@protonmail.com |
||
| Details | 2 | cupermate@protonmail.com |
||
| Details | 2 | cupermate@elude.in |
||
| Details | 2 | imperial755@protonmail.com |
||
| Details | 2 | imperial@mailfence.com |
||
| Details | 3 | greemsy.jj@protonmail.ch |
||
| Details | 3 | jj.greemsy@mailfence.com |
||
| Details | 3 | johny2recoveryusa@protonmail.com |
||
| Details | 3 | johny3@mailfence.com |
||
| Details | 4 | jorge.smith@mailfence.com |
||
| Details | 4 | finbdodscokpd@privatemail.com |
||
| Details | 3 | mallyrecovery@protonmail.ch |
||
| Details | 3 | mally@mailfence.com |
||
| Details | 3 | recoverfiles@ctemplar.com |
||
| Details | 3 | recoverfilesquickly@ctemplar.com |
||
| Details | 3 | primethetime@protonmail.com |
||
| Details | 2 | ssdfsdfsdf@mailinfence.com |
||
| Details | 2 | ssdfsdfsdf@protonmail.com |
||
| Details | 2 | rickowens@onionmail.org |
||
| Details | 2 | rickowens@mailfence.com |
||
| Details | 2 | john.blues3i7456@protonmail.com |
||
| Details | 2 | mario.jolly@mailfence.com |
||
| Details | 3 | niss.brook@onionmail.org |
||
| Details | 3 | niss.brandon@mailfence.com |
||
| Details | File | 5 | variant.msi |
|
| Details | File | 1 | _files_encrypted_.txt |
|
| Details | File | 1 | грузы.xlsx |
|
| Details | File | 3 | webroot_updater.exe |
|
| Details | File | 37 | ransomware.exe |
|
| Details | File | 1 | documents.inf |
|
| Details | File | 1 | systemschedulehost.exe |
|
| Details | File | 1 | brn.inf |
|
| Details | File | 1 | lazparking-message.txt |
|
| Details | File | 2 | data.inf |
|
| Details | File | 1 | fmiint.log |
|
| Details | File | 15 | malware.ai |
|
| Details | File | 5 | 1.db |
|
| Details | File | 1 | agent.wps |
|
| Details | File | 1 | laposada_howtodecipher.inf |
|
| Details | File | 1 | afr.log |
|
| Details | Pdb | 1 | d:\code\ransomware_win\bin\ransomware.pdb |
|
| Details | Pdb | 2 | d:\fake.pdb |