Zepto variant of Locky ransomware delivered via popular Cloud Storage apps
Common Information
Type Value
UUID 2c543d67-784a-49c9-b397-2081d28eee00
Fingerprint ac572cd22caa2aec
Analysis status DONE
Considered CTI value 2
Text language
Published July 19, 2016, 9:29 p.m.
Added to db Jan. 18, 2023, 11:31 p.m.
Last updated Sept. 5, 2024, 12:11 a.m.
Headline Zepto variant of Locky ransomware delivered via popular Cloud Storage apps
Title Zepto variant of Locky ransomware delivered via popular Cloud Storage apps
Detected Hints/Tags/Attributes 44/1/20
Attributes
Details Type #Events CTI Value
Details File 1
hrkfnzpt.exe
Details File 3
_dispatch.php
Details File 2
_help_instructions.bmp
Details File 2
_help_instructions.html
Details File 4
_locky_recover_instructions.bmp
Details File 9
_locky_recover_instructions.txt