ioc[.]one - OSINT Cyber Threat Intelligence Database

TeamXRat: Brazilian cybercrime meets ransomware

Tags

country:	Brazil Portugal
attack-pattern:	Data Direct Malware - T1587.001 Malware - T1588.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Connection Proxy - T1090 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	5f98431b-8fe6-4486-9def-6f377899e31c
Fingerprint	95103c7b24711e11
Analysis status	DONE
Considered CTI value	1
Text language
Published	Sept. 29, 2016, 4:42 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	TeamXRat: Brazilian cybercrime meets ransomware
Title	TeamXRat: Brazilian cybercrime meets ransomware
Detected Hints/Tags/Attributes	77/2/16

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/blog/research/76153/teamxrat-brazilian-cybercrime-meets-ransomware/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	19		email.tg
Details	Domain	54		mail2tor.com
Details	Domain	396		protonmail.com
Details	Email	1		xratteam@email.tg
Details	Email	2		corporacaoxrat@protonmail.com
Details	File	256		net.exe
Details	File	118		sc.exe
Details	File	82		taskkill.exe
Details	File	4		fb_inet_server.exe
Details	File	119		sqlservr.exe
Details	File	9		pg_ctl.exe
Details	File	1		sample_name.exe
Details	File	8		msg.exe
Details	md5	1		34260178f9e3b2e769accdee56dac793
Details	Windows Registry Key	1		HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
Details	Windows Registry Key	1		HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET