ioc[.]one - OSINT Cyber Threat Intelligence Database

Malspam delivers GandCrab ransomware 2-7-2017

Tags

attack-pattern:

Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	319f5ea6-0cf6-47ec-9734-d983a259b054
Fingerprint	ff50b07532229487
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 8, 2018, 7:26 p.m.
Added to db	Jan. 18, 2023, 9:23 p.m.
Last updated	Nov. 17, 2024, 5:57 p.m.
Headline	NetWitness Community
Title	Malspam delivers GandCrab ransomware 2-7-2017
Detected Hints/Tags/Attributes	38/1/9

Source URLs

	Redirection	Url
Details	Source	https://community.rsa.com/community/products/netwitness/blog/2018/02/08/malspam-delivers-gandcrab-ransomware-2-7-2017

URL Provider

Details	Provider	Source level domain
Details	rsa.com	community.rsa.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	8		myonlinesecurity.co.uk
Details	Domain	1		sorinnohoun.com
Details	File	1		scan-image001_070218.jpg
Details	File	1		feb-9523713.pdf
Details	sha256	1		3aabca6aa74d4499e07d8828be981e65d421603895dd8450a15b49f1113517ff
Details	sha256	1		8f9e12851b92fcc74f9c9ab6181aa3fd49eabcf789608f9986cb136141033213
Details	sha256	1		6960a00da0069a5b1aa7e213962a65abe3b148ddb7ac508cda0f8f8492ef7eaf
Details	Threat Actor Identifier - APT	297		APT27
Details	Url	1		https://myonlinesecurity.co.uk/fake-receipt-malspam-delivers-gandcrab-ransomware-via-pdf-dropping-macro-dropping-exploit