Vanguard
Common Information
Type Value
UUID 748db2a2-d08e-4a0a-b50d-b2b30423f1ca
Fingerprint b4706dfb996e7252
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 22, 2017, 11:10 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Ransomware Encryptors The Digest "Crypto-Ransomware"
Title Vanguard
Detected Hints/Tags/Attributes 38/1/29
Attributes
Details Type #Events CTI Value
Details Domain 35
translate.google.com
Details Domain 68
www.coindesk.com
Details Domain 7
www.bitcoin.com
Details Domain 48
myexternalip.com
Details Domain 1
azxtr3foqyvpz3ob.onion.casa
Details Domain 1
secure2.alphassl.com
Details Domain 10
www.download.windowsupdate.com
Details File 4
decrypt_instructions.txt
Details File 345
vssadmin.exe
Details File 1
vanguard.exe
Details File 3
msword.exe
Details File 12
del.bat
Details File 1
cab1.tmp
Details File 1
cab3.tmp
Details File 1
tar2.tmp
Details File 1
tar4.tmp
Details File 1
%temp%\msword.exe
Details File 2
%temp%\del.bat
Details File 1
%temp%\cab1.tmp
Details File 1
%temp%\tar2.tmp
Details File 1
%temp%\cab3.tmp
Details File 1
%temp%\tar4.tmp
Details IPv4 10
78.47.139.102
Details IPv4 1
167.160.185.136
Details IPv4 1
104.16.29.16
Details IPv4 1
92.122.122.144
Details Url 22
https://translate.google.com
Details Url 41
http://www.coindesk.com/information/how-can-i-buy-bitcoins
Details Url 5
https://www.bitcoin.com/buy-bitcoin