Wacatac, DeathRansom
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 5c0f3e37-3c85-4c50-96cb-6a354d79e419 |
| Fingerprint | b6581b7a64551e2b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 19, 2019, 2:17 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Wacatac, DeathRansom |
| Detected Hints/Tags/Attributes | 55/2/38 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.com/2019/11/wacatac-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | trojan.malpack.gs |
|
| Details | Domain | 1 | bscope.trojan.download |
|
| Details | Domain | 46 | firemail.cc |
|
| Details | Domain | 6 | cumallover.me |
|
| Details | Domain | 162 | localbitcoins.com |
|
| Details | Domain | 68 | www.coindesk.com |
|
| Details | Domain | 1 | webparroquia.es |
|
| Details | Domain | 1 | steerdemens.com |
|
| Details | Domain | 47 | iplogger.org |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 84 | airmail.cc |
|
| Details | Domain | 1 | ainmail.cc |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | 1 | death@firemail.cc |
||
| Details | 1 | death@cumallover.me |
||
| Details | 1 | deathransom@airmail.cc |
||
| Details | 1 | deathransom@ainmail.cc |
||
| Details | 2 | pr0t3eam@protonmail.com |
||
| Details | File | 33 | read_me.txt |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 113 | autoexec.bat |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 120 | boot.ini |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 1 | wzmjbq.exe |
|
| Details | File | 1 | wacatac_2019-11-21_02-59.exe |
|
| Details | File | 1 | wacatac_2019-11-20_23-34.exe |
|
| Details | File | 2 | wacatac_2019-11-20_00-10.exe |
|
| Details | Url | 52 | https://localbitcoins.com/buy_bitcoins |
|
| Details | Url | 41 | http://www.coindesk.com/information/how-can-i-buy-bitcoins |
|
| Details | Windows Registry Key | 3 | HKEY_CURRENT_USER\SOFTWARE\Wacatac |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\SOFTWARE\Wacatac\private |
|
| Details | Windows Registry Key | 2 | HKEY_CURRENT_USER\SOFTWARE\Wacatac\public |