RedRum, Tycoon
Tags
| attack-pattern: | Data Msbuild - T1127.001 Python - T1059.006 Software - T1592.002 Third-Party Software - T1072 |
Common Information
| Type | Value |
|---|---|
| UUID | 3cefd545-2473-41ab-8ae5-e8b41a6fc1d6 |
| Fingerprint | 26fd187f4c8502fb |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 5, 2019, 3:31 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | RedRum, Tycoon |
| Detected Hints/Tags/Attributes | 47/1/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.com/2019/12/redrum-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 35 | tutamail.com |
|
| Details | Domain | 1 | document.doc.id |
|
| Details | Domain | 144 | cock.li |
|
| Details | Domain | 1 | exmo.me |
|
| Details | Domain | 8 | localbitcoins.net |
|
| Details | Domain | 37 | java.security |
|
| Details | Domain | 1 | java.security.secure |
|
| Details | Domain | 18 | cock.lu |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 136 | mail.com |
|
| Details | Domain | 167 | tutanota.com |
|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 911 | any.run |
|
| Details | 1 | moncler@tutamail.com |
||
| Details | 1 | document.doc.id-d983051a.[moncler@tutamail.com |
||
| Details | 1 | moncler@cock.li |
||
| Details | 2 | pay4dec@cock.lu |
||
| Details | 1 | ppp4ddd@protonmail.com |
||
| Details | 1 | dataissafe@protonmail.com |
||
| Details | 1 | dataissafe@mail.com |
||
| Details | 1 | foxbit@tutanota.com |
||
| Details | 1 | relaxmate@protonmail.com |
||
| Details | 1 | crocodelux@mail.ru |
||
| Details | 1 | savecopy@cock.li |
||
| Details | 1 | bazooka@cock.li |
||
| Details | 1 | funtik@tutamail.com |
||
| Details | 1 | proff-mariarti@protonmail.com |
||
| Details | 1 | eruption.decryption@mail.ru.txt |
||
| Details | 1 | decryption@mail.ru |
||
| Details | File | 35 | document.doc |
|
| Details | File | 3 | decryption.txt |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 52 | pagefile.sys |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 90 | bootfont.bin |
|
| Details | File | 38 | io.sys |
|
| Details | File | 1 | process1.exe |
|
| Details | File | 7 | filename.doc |
|
| Details | File | 1 | ru.txt |
|
| Details | Url | 1 | https://exmo.me/en/support# |
|
| Details | Url | 1 | https://localbitcoins.net/guides/how-to-buy-bitcoins |