Helldown, DoNex & Darktrace Ransomware
Tags
attack-pattern: Data Malware - T1587.001 | Malware - T1588.001 | Server - T1583.004 | Server - T1584.004
Common Information
Type | Value |
---|---|
UUID | 4a249799-511a-4df6-8e2f-da391270f450 |
Fingerprint | 6524a0e37476464f |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 27, 2024, 7:22 p.m. |
Added to db | Nov. 27, 2024, 8:35 p.m. |
Last updated | Dec. 11, 2024, 1:21 a.m. |
Headline | Helldown, DoNex & Darktrace Ransomware |
Title | Helldown, DoNex & Darktrace Ransomware |
Detected Hints/Tags/Attributes | 26/1/36 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 279 | | www.virustotal.com |
Details | Domain | 4 | | onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion |
Details | Domain | 4 | | qtox.github.io |
Details | Domain | 182 | | www.torproject.org |
Details | Domain | 3 | | 20017623529.zip |
Details | File | 64 | | 1.bat |
Details | File | 3 | | 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7.exe |
Details | File | 3 | | c:\users\admin\appdata\local\temp\7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7.exe |
Details | File | 5 | | c:\programdata\1.bat |
Details | File | 5 | | c:\windows\syswow64\taskkill.exe |
Details | File | 2196 | | cmd.exe |
Details | File | 145 | | conhost.exe |
Details | File | 21 | | logonui.exe |
Details | File | 6 | | fgqogsxf.txt |
Details | File | 3 | | c:\users\admin\appdata\local\temp\3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e.exe |
Details | File | 3 | | ckze.txt |
Details | File | 4 | | xx.ico |
Details | File | 3 | | donex.exe |
Details | File | 79 | | ping.exe |
Details | File | 3 | | 20017623529.zip |
Details | sha256 | 7 | | 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7 |
Details | sha256 | 6 | | 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf |
Details | sha256 | 7 | | 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e |
Details | sha256 | 3 | | a02ef4063430d0607e0e7b23ea7c5bf19fad9a09a12565c6745b350b00362be6 |
Details | sha256 | 7 | | cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea |
Details | sha256 | 4 | | 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40 |
Details | sha256 | 6 | | 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a |
Details | IPv4 | 3 | | 173.194.195.94 |
Details | IPv4 | 1498 | | 127.0.0.1 |
Details | Url | 3 | | https://www.virustotal.com/graph/g65c30b9f90a74764b2de211896df55fc37cc20e964194fb390f6eaf0970af9f2 |
Details | Url | 3 | | https://www.virustotal.com/gui/file/cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea/detection |
Details | Url | 3 | | https://www.virustotal.com/gui/file/6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40/community |
Details | Url | 3 | | https://www.virustotal.com/gui/file/0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a/behavior |
Details | Url | 3 | | http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion |
Details | Url | 3 | | https://qtox.github.io |
Details | Url | 66 | | https://www.torproject.org |
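The attribute table above mixes real indicators (the sample hashes, the dropped `c:\programdata\1.bat`, the `.onion` contact address) with sandbox background noise (`cmd.exe`, `conhost.exe`, `127.0.0.1`, the VirusTotal and Tor Project sites that only appear because the analysis and the ransom note reference them). Before feeding it to a SIEM or EDR hunt, a practitioner separates the two. The following script is an added example and is not part of the original page or of the CTI platform that produced it; it parses a constructed subset of the rows in the same `Details | Type | #Events | Value` layout and sorts them into a hunt list and a noise list. The noise lists (context domains, Windows built-ins, loopback and RFC 1918 ranges) and the reclassification of a `.zip`-suffixed "Domain" as a file name are the author's assumptions, not data from the page.

```python
"""Triage a flattened IOC attribute table into hunt-worthy indicators and noise."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of the rows from the attribute table on this page,
# in the same "Details | Type | #Events | Value" layout the extraction produced.
SAMPLE_ROWS = """\
Details | Domain | 279 | www.virustotal.com
Details | Domain | 4 | onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
Details | Domain | 182 | www.torproject.org
Details | Domain | 3 | 20017623529.zip
Details | File | 64 | 1.bat
Details | File | 5 | c:\\programdata\\1.bat
Details | File | 5 | c:\\windows\\syswow64\\taskkill.exe
Details | File | 2196 | cmd.exe
Details | File | 3 | donex.exe
Details | sha256 | 7 | 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7
Details | sha256 | 6 | 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf
Details | IPv4 | 1498 | 127.0.0.1
Details | IPv4 | 3 | 173.194.195.94
Details | Url | 3 | http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
Details | Url | 66 | https://www.torproject.org
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
FILE_EXT_RE = re.compile(r"\.(zip|exe|bat|ico|txt|dll|ps1)$", re.IGNORECASE)

# Assumed noise lists (author's choice, not from the page): sites an analyst or a
# ransom note references, and Windows built-ins every detonation touches.
CONTEXT_DOMAINS = {"www.virustotal.com", "www.torproject.org", "qtox.github.io"}
LOLBINS = {"cmd.exe", "conhost.exe", "ping.exe", "taskkill.exe", "logonui.exe"}


def is_loopback_or_private(ip: str) -> bool:
    """True for 127/8, 10/8, 172.16/12 and 192.168/16; False for anything else."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        return False
    a, b = int(parts[0]), int(parts[1])
    return a == 127 or a == 10 or (a == 192 and b == 168) or (a == 172 and 16 <= b <= 31)


@dataclass
class Triage:
    hunt: dict = field(default_factory=lambda: defaultdict(set))  # type -> values
    noise: dict = field(default_factory=dict)  # value -> reason it was dropped


def parse_rows(text: str):
    """Yield (type, event_count, value) for each 'Details | ...' row; skip separator debris."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 4 or cells[0] != "Details":
            continue
        _, ioc_type, events, value = cells[:4]
        yield ioc_type, int(events), value


def classify(ioc_type: str, value: str):
    """Return (type, None) for a hunt-worthy indicator, or (type, reason) for noise."""
    low = value.lower()
    if ioc_type == "Domain" and FILE_EXT_RE.search(low):
        # '20017623529.zip' is a dropped archive name tagged as a domain only because .zip is a TLD
        ioc_type = "File"
    if ioc_type == "sha256":
        return (ioc_type, None) if SHA256_RE.match(low) else (ioc_type, "malformed hash")
    if ioc_type == "Domain":
        return (ioc_type, "analysis/context domain") if low in CONTEXT_DOMAINS else (ioc_type, None)
    if ioc_type == "Url":
        host = re.sub(r"^[a-z]+://", "", low).split("/")[0]
        return (ioc_type, "analysis/context domain") if host in CONTEXT_DOMAINS else (ioc_type, None)
    if ioc_type == "IPv4":
        return (ioc_type, "loopback/private address") if is_loopback_or_private(low) else (ioc_type, None)
    if ioc_type == "File":
        base = low.replace("\\", "/").rsplit("/", 1)[-1]
        return (ioc_type, "Windows built-in") if base in LOLBINS else (ioc_type, None)
    return (ioc_type, None)


def triage(text: str) -> Triage:
    """Split the table into a hunt list keyed by type and a noise list with reasons."""
    result = Triage()
    for ioc_type, _events, value in parse_rows(text):
        kind, reason = classify(ioc_type, value)
        if reason:
            result.noise[value] = reason
        else:
            result.hunt[kind].add(value)
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_ROWS)
    for kind, values in sorted(t.hunt.items()):
        for v in sorted(values):
            print(f"HUNT  {kind:7} {v}")
    for v, why in t.noise.items():
        print(f"NOISE {why:26} {v}")
```

The event counts are deliberately not used as a signal: `127.0.0.1` has the highest count on the page and is the least useful indicator, so frequency alone would invert the ranking. The public IPv4 `173.194.195.94` is kept in the hunt list only because nothing on the page says what it is; it should be resolved and reviewed before being blocked.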