Locky ransomware, metrics and protection
Tags
| country: | Norway |
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 749f1e7b-72b7-4877-bcff-004d9401213e |
| Fingerprint | ac143f7b28a6bec9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 16, 2016, midnight |
| Added to db | Jan. 18, 2023, 10:49 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Locky ransomware, metrics and protection |
| Title | Locky ransomware, metrics and protection |
| Detected Hints/Tags/Attributes | 44/2/92 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.bitsighttech.com/blog/locky-ransomware-metrics-and-protection |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.iglobali.com |
|
| Details | Domain | 1 | www.southlife.church |
|
| Details | Domain | 1 | www.villaggio.airwave.at |
|
| Details | Domain | 1 | mondero.ru |
|
| Details | Domain | 2 | tcpos.com.vn |
|
| Details | Domain | 1 | www.bag-online.com |
|
| Details | Domain | 2 | iynus.net |
|
| Details | Domain | 1 | www.jesusdenazaret.com.ve |
|
| Details | Domain | 4 | 6dtxgqam4crv6rr6.onion |
|
| Details | Domain | 2 | 6dtxgqam4crv6rr6.tor2web.org |
|
| Details | Domain | 2 | 6dtxgqam4crv6rr6.onion.to |
|
| Details | Domain | 2 | 6dtxgqam4crv6rr6.onion.cab |
|
| Details | Domain | 3 | pvwinlrmwvccuo.eu |
|
| Details | Domain | 2 | ssojravpf.be |
|
| Details | Domain | 2 | gioaqjklhoxf.eu |
|
| Details | Domain | 2 | txlmnqnunppnpuq.ru |
|
| Details | Domain | 2 | lneqqkvxxogomu.eu |
|
| Details | Domain | 2 | kpybuhnosdrm.in |
|
| Details | Domain | 2 | dkoipg.pw |
|
| Details | Domain | 3 | wblejsfob.pw |
|
| Details | Domain | 3 | cgavqeodnop.it |
|
| Details | Domain | 2 | nquvsq.pm |
|
| Details | File | 9 | _locky_recover_instructions.txt |
|
| Details | File | 4 | _locky_recover_instructions.bmp |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 2 | r34f3345g.exe |
|
| Details | File | 29 | onion.cab |
|
| Details | sha256 | 1 | 46cf36241696d4127b5d32cbde63a672d9a037d9d47bd59ae8346d83424b53c9 |
|
| Details | sha256 | 1 | 566878276748089f6e87b20fd18bfab4018d9e33fae6e28cb87ffb43b1b80582 |
|
| Details | sha256 | 1 | 5ad06eda999a9f2f28c2057ba40bd2f7b6a7cb2e1915104b2724753649e97de5 |
|
| Details | sha256 | 1 | 6cb7c240baae725f22de4ba18f008862a4c08a23c928f9f3617404dda34b67fc |
|
| Details | sha256 | 1 | 70804dd059ab99aeecd2019d471295e08f004d399fb4cfa5b097d126fdffb306 |
|
| Details | sha256 | 1 | eee4f20577c2bb49d5d298dd747075e9d21cca981077f941b6222564adf4df2e |
|
| Details | sha256 | 1 | 02b00f7615e1fd9091d947dad00dfe60528d9015b694374df2b5525ea6dd1301 |
|
| Details | sha256 | 1 | 05b76b4a79118abd849c22b9d78e37c64802427776e63d690953c7a49ba2811b |
|
| Details | sha256 | 1 | 0adeb1b7c46b0b33690d8f0c33fa5944e441516cff2b80ca9a6b00555e07c10f |
|
| Details | sha256 | 1 | 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2 |
|
| Details | sha256 | 1 | 266826db0014263c857577d1b61cb6ec67707ea3ce6f0b41855098f8b316d84a |
|
| Details | sha256 | 1 | 2d6120701bd48c6395aa199211ebe5db01229ac48d98eada89da962769d05122 |
|
| Details | sha256 | 1 | 3eb1e97e1bd96b919170c0439307a326aa28acc84b1f644e81e17d24794b9b57 |
|
| Details | sha256 | 1 | 47b27cb727b1ada6c65c7bf30b57537b26080f1f5a6730be91b767427945d731 |
|
| Details | sha256 | 1 | 4da4801c5ae6e801b978c430fb733e28443e98510af818246f34101f5686556c |
|
| Details | sha256 | 1 | 4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce |
|
| Details | sha256 | 1 | 4fd7543247c1f7f2fb5d1c7f99b52ad0a41fb07aa9f388c46a6c5920a848c19a |
|
| Details | sha256 | 1 | 5434b9ecdb4aba3f8e89ea41917a25bda462e0a2d3958460fd92b8418717ad32 |
|
| Details | sha256 | 1 | 5685955f0cf5fd4159d32c7238c5fa24097c8104876872f1dae42a2b40f996c3 |
|
| Details | sha256 | 1 | 5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8 |
|
| Details | sha256 | 1 | 658e17adf469ec61f1cc62a0c3932185e94f9557597dcf4714575706efd71141 |
|
| Details | sha256 | 1 | 73c41e29e75e998a186e6fc74b81fbc537f3b232a5d07b5621e8fd3485506b87 |
|
| Details | sha256 | 1 | 77d66d710acddbe66a4f88b9db8775466a35948bad8716c188490ae0aca9a2f9 |
|
| Details | sha256 | 1 | 77dac064d0096dccd5e67c02b9862d02f2671aa3aab12cf09f1d4d14c99b060b |
|
| Details | sha256 | 1 | 78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a |
|
| Details | sha256 | 1 | 7b23fee16740c54dffe9bedae6b37f18072331051012e54747675f4e8c5dea75 |
|
| Details | sha256 | 1 | 7d0adcd0dd84a4941138806cecb1dba5e243af9b33bd09c0dddc382c37eeda8e |
|
| Details | sha256 | 1 | 7d69f3934be22a9bdcf0e20059d6c0a851218abe9aa07b83795c54e696be6142 |
|
| Details | sha256 | 1 | 99acfca8e9a8bc59f77403e68c88f82f9e5c6fd2ab285b6153e9b57388c5a5e1 |
|
| Details | sha256 | 1 | 9dbed54e6775e26f9669087479795b8f76635a323c80ad6619a86f84f008b23e |
|
| Details | sha256 | 1 | a342da44b1d951bf87059344f0c4da9264c9fc041bf9dcf52f59bbfd75e5cf13 |
|
| Details | sha256 | 1 | acee75cd346795ceb02fc30aa822d13c4132e64fd36b5244dd822199a5a0c0a7 |
|
| Details | sha256 | 1 | bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3 |
|
| Details | sha256 | 1 | bf5f58a6fde64003eb0409d2709a28e86d502af7257b265c8ab5db1a06bb9720 |
|
| Details | sha256 | 1 | c866dcfa95c50443ed5e0b4d2c0b63c1443ad330cb7d384370a244c6f58ce8a5 |
|
| Details | sha256 | 1 | e95cde1e6fa2ce300bf778f3e9f17dfc6a3e499cb0081070ef5d3d15507f367b |
|
| Details | sha256 | 1 | ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90 |
|
| Details | sha256 | 1 | ee8ac0136fac0ed78903e1f8c8afb934d6970b4dedd70ae526196a328a3d74ee |
|
| Details | sha256 | 1 | f4e4cf516f1a6918530d778f1a0c87a9fb2708f8e840e5fed3ed0cf933042d9b |
|
| Details | sha256 | 1 | f56655bfbd1be9eab245dc283b7c71991881a845f3caf8fb930f7baabae51059 |
|
| Details | sha256 | 1 | f96d20ae047e1c9cfd824eb175b0947dda87f2782bfd0b720a34610833ee663e |
|
| Details | sha256 | 1 | fbd035d1a91846cb492ffe553d7c76c41c4a8e338320d8a2f9367fec30e3d175 |
|
| Details | sha256 | 1 | fe7ec54b8049e6dbaba7862da6b349d64de139e88fa37c98102103fca3d13cd2 |
|
| Details | IPv4 | 2 | 173.214.183.81 |
|
| Details | IPv4 | 2 | 66.133.129.5 |
|
| Details | IPv4 | 1 | 85.25.149.246 |
|
| Details | IPv4 | 1 | 185.46.11.239 |
|
| Details | IPv4 | 2 | 46.4.239.76 |
|
| Details | IPv4 | 2 | 94.242.57.45 |
|
| Details | IPv4 | 1 | 109.234.38.35 |
|
| Details | Url | 1 | http://www.iglobali.com/34gf5y/r34f3345g.exe |
|
| Details | Url | 1 | http://www.southlife.church/34gf5y/r34f3345g.exe |
|
| Details | Url | 1 | http://www.villaggio.airwave.at/34gf5y/r34f3345g.exe |
|
| Details | Url | 1 | http://mondero.ru/system/logs/56y4g45gh45h |
|
| Details | Url | 2 | http://tcpos.com.vn/system/logs/56y4g45gh45h |
|
| Details | Url | 1 | http://www.bag-online.com/system/logs/56y4g45gh45h |
|
| Details | Url | 1 | http://173.214.183.81 |
|
| Details | Url | 1 | http://iynus.net |
|
| Details | Url | 2 | http://66.133.129.5 |
|
| Details | Url | 1 | http://www.jesusdenazaret.com.ve/34gf5y/r34f3345g.exe |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Locky |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Lockyid |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Lockypubkey |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Lockypaytext |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Locky |