Scarab-Bomber
Tags
| country: | India Turkey |
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 308c299e-3d89-4b6b-bc9e-eb03def00a4e |
| Fingerprint | 6457a7a24479e11 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 18, 2018, 10:50 p.m. |
| Added to db | Jan. 18, 2023, 7:54 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Scarab-Bomber |
| Detected Hints/Tags/Attributes | 51/2/127 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2018/06/scarab-bomber-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 167 | tutanota.com |
|
| Details | Domain | 25 | mail.ee |
|
| Details | Domain | 2 | yandex.by |
|
| Details | Domain | 19 | bitmsg.me |
|
| Details | Domain | 132 | blockchain.info |
|
| Details | Domain | 162 | localbitcoins.com |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 2 | forum.kasperskyclub.ru |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 68 | www.coindesk.com |
|
| Details | Domain | 68 | keemail.me |
|
| Details | Domain | 144 | cock.li |
|
| Details | Domain | 35 | tutamail.com |
|
| Details | Domain | 1 | mark.support |
|
| Details | Domain | 83 | tuta.io |
|
| Details | Domain | 84 | airmail.cc |
|
| Details | Domain | 37 | xmpp.jp |
|
| Details | Domain | 2 | www.pidgin.im |
|
| Details | Domain | 1 | otr.cypherpunks.ca |
|
| Details | Domain | 5 | www.xmpp.jp |
|
| Details | Domain | 1 | bomber.support |
|
| Details | Domain | 6 | mail.bg |
|
| Details | Domain | 1 | staff-obmen.com |
|
| Details | Domain | 8 | www.coinmama.com |
|
| Details | Domain | 2 | buy.bitcoin.com |
|
| Details | Domain | 99 | qq.com |
|
| Details | Domain | 17 | foxmail.com |
|
| Details | Domain | 99 | india.com |
|
| Details | Domain | 46 | firemail.cc |
|
| Details | Domain | 10 | horsefucker.org |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 89 | protonmail.ch |
|
| Details | 1 | soft2018@tutanota.com |
||
| Details | 1 | soft2018@mail.ee |
||
| Details | 1 | newsoft2018@yandex.by |
||
| Details | 1 | test_bomber_test@test.test |
||
| Details | 1 | dexcrypt@protonmail.com |
||
| Details | 1 | mrdeep@protonmail.com |
||
| Details | 1 | cr64@keemail.me |
||
| Details | 1 | cr64@mail.ee |
||
| Details | 1 | gardengarden@cock.li |
||
| Details | 1 | servicedeskpay@protonmail.com |
||
| Details | 1 | gluttonbd@protonmail.com |
||
| Details | 1 | s29js31@tutamail.com |
||
| Details | 1 | s29js31@mail.ee |
||
| Details | 1 | mark.support@protonmail.com |
||
| Details | 2 | f1220@tuta.io |
||
| Details | 1 | f1220@mail.ee |
||
| Details | 2 | helpersmasters@airmail.cc |
||
| Details | 1 | yourhope@airmail.cc |
||
| Details | 1 | helpersmasters@xmpp.jp |
||
| Details | 2 | wewillhelp@airmail.cc |
||
| Details | 1 | bomber.support@mail.bg |
||
| Details | 1 | lolitahelp@cock.li |
||
| Details | 1 | lolitahelp@protonmail.com |
||
| Details | 3 | stevenseagal@airmail.cc |
||
| Details | 3 | fileisafe@tuta.io |
||
| Details | 1 | fileisafe@protonmail.com |
||
| Details | 1 | rapid.supp@qq.com |
||
| Details | 1 | private-key@foxmail.com |
||
| Details | 1 | moncoin@protonmail.com |
||
| Details | 1 | moncoin@india.com |
||
| Details | 1 | georjehalique@protonmail.com |
||
| Details | 1 | crabs34@firemail.cc |
||
| Details | 1 | reserve34@firemail.cc |
||
| Details | 1 | hanzottoschmidt@protonmail.com |
||
| Details | 1 | kesoma32@horsefucker.org |
||
| Details | 1 | harry-help@foxmail.com |
||
| Details | 1 | harry.helps@aol.com |
||
| Details | 1 | alimussafenlibat@protonmail.com |
||
| Details | 1 | oslo178@cock.li |
||
| Details | 1 | sfshelpdesk@mail.ee |
||
| Details | 1 | sfshelpdesk@airmail.cc |
||
| Details | 1 | mailnitrom@protonmail.ch |
||
| Details | 1 | mailnitrom@airmail.cc |
||
| Details | 1 | mailnitrom@tutanota.com |
||
| Details | File | 9 | файлы.txt |
|
| Details | File | 133 | blockchain.inf |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 8 | tv.dll |
|
| Details | File | 13 | config.bin |
|
| Details | File | 25 | teamviewer.exe |
|
| Details | File | 16 | osk.exe |
|
| Details | File | 3 | update_w32.exe |
|
| Details | File | 1 | taskhostjf.exe |
|
| Details | File | 1 | msoobe.exe |
|
| Details | File | 2 | %appdata%\osk.exe |
|
| Details | File | 1 | c:\users\administrator\appdata\roaming\osk.exe |
|
| Details | File | 1 | c:\users\user_name\appdata\roaming\sysplannt\update_w32.exe |
|
| Details | File | 1 | c:\windows\system32\config\systemprofile\appdata\roaming\osk.exe |
|
| Details | File | 1 | 'update_w32.exe |
|
| Details | File | 140 | files.txt |
|
| Details | File | 1 | deep.exe |
|
| Details | File | 1 | %appdata%\deep.exe |
|
| Details | File | 1 | июль.gz |
|
| Details | File | 1 | abandon.exe |
|
| Details | File | 6 | sevnz.exe |
|
| Details | File | 9 | scr.exe |
|
| Details | File | 1 | initiatives.exe |
|
| Details | File | 1 | %appdata%\roaming\osk.exe |
|
| Details | File | 1 | nero.exe |
|
| Details | File | 1 | %appdata%\roaming\nero.exe |
|
| Details | File | 6 | read.txt |
|
| Details | File | 2 | svchoste.exe |
|
| Details | File | 2 | расшифровке.txt |
|
| Details | File | 29 | decrypt.txt |
|
| Details | File | 4 | l.txt |
|
| Details | File | 1 | зашифрованы.txt |
|
| Details | File | 5 | asd.exe |
|
| Details | File | 2 | dal.exe |
|
| Details | File | 2 | ldp.exe |
|
| Details | File | 3 | файлов.txt |
|
| Details | Pdb | 1 | depend.pdb |
|
| Details | Url | 8 | http://bitmsg.me |
|
| Details | Url | 6 | https://blockchain.info/ru/wallet/new |
|
| Details | Url | 8 | https://localbitcoins.com/ru/buy_bitcoins |
|
| Details | Url | 4 | https://blockchain.info/wallet/new |
|
| Details | Url | 52 | https://localbitcoins.com/buy_bitcoins |
|
| Details | Url | 41 | http://www.coindesk.com/information/how-can-i-buy-bitcoins |
|
| Details | Url | 1 | https://www.pidgin.im |
|
| Details | Url | 1 | https://otr.cypherpunks.ca |
|
| Details | Url | 1 | https://www.xmpp.jp/signup?lang=en |
|
| Details | Url | 1 | https://staff-obmen.com/en |
|
| Details | Url | 4 | https://www.coinmama.com |
|
| Details | Url | 2 | https://buy.bitcoin.com |
|
| Details | Url | 4 | https://protonmail.com |