GitHub - Antelox/NemucodFR: Extract the key and use it to recover encrypted files by Nemucod Ransomware [.crypted]
Tags
| attack-pattern: | Data Javascript - T1059.007 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 4c735fe3-139b-4500-bd92-13dea3c35df8 |
| Fingerprint | 3ce3983224299ac5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 22, 2016, midnight |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Oct. 1, 2024, 2:39 p.m. |
| Headline | Antelox/NemucodFR |
| Title | GitHub - Antelox/NemucodFR: Extract the key and use it to recover encrypted files by Nemucod Ransomware [.crypted] |
| Detected Hints/Tags/Attributes | 27/1/21 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://github.com/Antelox/NemucodFR |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | nemucodke.py |
|
| Details | Domain | 1 | nemucodfr.py |
|
| Details | Domain | 1 | nemucodpt.py |
|
| Details | Domain | 1 | nemucodre.py |
|
| Details | Domain | 3 | glot.io |
|
| Details | Domain | 33 | blog.fortinet.com |
|
| Details | Domain | 6 | reaqta.com |
|
| Details | Domain | 14 | documents.zip |
|
| Details | File | 1 | nemucodke.py |
|
| Details | File | 1 | nemucodfr.py |
|
| Details | File | 1 | nemucodpt.py |
|
| Details | File | 1 | nemucodre.py |
|
| Details | File | 12 | documents.zip |
|
| Details | File | 1 | key_2048_255.txt |
|
| Details | File | 1 | key_1024_102.txt |
|
| Details | File | 1 | key_1024_36.txt |
|
| Details | File | 1 | key_1024_1024.txt |
|
| Details | Url | 1 | https://glot.io/snippets/ee7hiif87k |
|
| Details | Url | 1 | https://blog.fortinet.com/post/nemucod-adds-ransomware-routine |
|
| Details | Url | 1 | https://reaqta.com/2016/04/nemucod-meets-7zip-to-launch-ransomware |
|
| Details | Url | 1 | https://reaqta.com/2016/06/nemucod-meets-php |