Winsecure
Tags
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 40a350f0-4f41-4b68-b12a-479f8c5bfba7 |
| Fingerprint | 76e5752e406c0bda |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 2, 2018, 11:04 a.m. |
| Added to db | Jan. 18, 2023, 7:54 p.m. |
| Last updated | Nov. 18, 2024, 7:34 a.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Winsecure |
| Detected Hints/Tags/Attributes | 17/1/9 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2018/07/winsecure-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 20 | ifconfig.me |
|
| Details | Domain | 1 | incodewetrusthatwhatwedo.es |
|
| Details | Domain | 913 | any.run |
|
| Details | File | 1 | winsecure.exe |
|
| Details | File | 1 | ransom_pay.html |
|
| Details | File | 4 | ransom_note.txt |
|
| Details | File | 1 | %temp%\winsecure.exe |
|
| Details | IPv4 | 1 | 173.194.44.20 |
|
| Details | Windows Registry Key | 2 | HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE |