New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
Common Information
Type Value
UUID 48ab8461-fa81-4386-be5f-a33723574905
Fingerprint b7a190118417144e
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 10, 2021, 10 a.m.
Added to db Feb. 18, 2023, 12:28 a.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
Title New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
Detected Hints/Tags/Attributes 81/1/49
Attributes
Type #Events Value
CVE 16 cve-2021-28799
Domain 162 bleepingcomputer.com
File 14 readme_for_decrypt.txt
File 2 qnapsystem.php
File 28 tar.bz2
File 1 xcf.gz
File 131 tar.gz