Evolution of JSWorm ransomware
Common Information
Type Value
UUID 714ec5de-1dc5-44ae-bb66-b05f7bad8177
Fingerprint be75d819a6259691
Analysis status DONE
Considered CTI value 2
Text language
Published May 25, 2021, 7 a.m.
Added to db Sept. 11, 2022, 12:35 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Evolution of JSWorm ransomware
Title Evolution of JSWorm ransomware
Detected Hints/Tags/Attributes 131/2/32
Attributes
Details Type #Events CTI Value
Details Domain 396
protonmail.com
Details Domain 129
api.ipify.org
Details Domain 5
api.db-ip.com
Details Domain 12
dist.torproject.org
Details Domain 3
zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion
Details Email 3
mail@domain.tld
Details Email 1
id-nqh1j49][doctorsune@protonmail.com
Details File 4
api.db
Details File 5
5.zip
Details File 4
nefilim-decrypt.txt
Details File 1
scam.jpg
Details File 1
telegram-recover.txt
Details File 1
fusion-readme.txt
Details File 1
-instruct.txt
Details File 351
recycle.bin
Details File 1
milihpen-instruct.txt
Details IPv4 2
0.4.0.5
Details Url 11
http://api.ipify.org
Details Url 1
http://api.db-ip.com/v2/free
Details Url 1
https://dist.torproject.org/torbrowser/8.5.4/tor-win32-0.4.0.5.zip
Details Windows Registry Key 41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 112
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run