CryptoJacky
Tags
| attack-pattern: | Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 2a635bed-fece-49a1-9137-60d7eb64e0f8 |
| Fingerprint | 365429e6505c6b7f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 6, 2017, 6:53 p.m. |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Oct. 15, 2024, 8:29 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | CryptoJacky |
| Detected Hints/Tags/Attributes | 24/1/24 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | mail2noble.com |
|
| Details | Domain | 4 | www.bestchange.com |
|
| Details | File | 1 | ransom-payment.url |
|
| Details | File | 2 | aescrypt.exe |
|
| Details | File | 1 | cryptojacky-setup.exe |
|
| Details | File | 1 | cryptojacky.exe |
|
| Details | File | 15 | run.exe |
|
| Details | File | 1 | ransomware-c.exe |
|
| Details | File | 1 | %appdata%\r_tool\aescrypt.exe |
|
| Details | File | 1 | %appdata%\r_tool\cts-input.vbs |
|
| Details | File | 1 | %appdata%\r_tool\cts-input_error.vbs |
|
| Details | File | 1 | %appdata%\r_tool\file_extensions.txt |
|
| Details | File | 1 | %appdata%\r_tool\ransom-information.vbs |
|
| Details | File | 1 | %appdata%\r_tool\ransom-instructions.vbs |
|
| Details | File | 1 | %appdata%\r_tool\ransom-thanks.vbs |
|
| Details | File | 1 | %appdata%\r_tool\ransomware-c.exe |
|
| Details | File | 1 | %appdata%\r_tool\uninstall.exe |
|
| Details | File | 1 | %appdata%\r_tool\fake-message.vbs |
|
| Details | File | 1 | %appdata%\r_tool\rescue-of-files.exe |
|
| Details | File | 1 | %appdata%\r_tool\rescue-thanks.vbs |
|
| Details | File | 1 | %appdata%\r_tool\run.exe |
|
| Details | File | 1 | %appdata%\r_tool\ms-windows_update.exe |
|
| Details | File | 1 | windows_10_firewall_control.exe |
|
| Details | File | 2 | 00.exe |