Nemucod-7z
Tags
attack-pattern: Data Software - T1592.002 Ssh - T1021.004
Show in Graph
Common Information
Type Value
UUID 78ffb798-947f-48c0-a193-9543d077a01f
Fingerprint b6d24b7a0c7b5a7b
Analysis status DONE
Considered CTI value 0
Text language
Published April 20, 2016, 1 p.m.
Added to db Jan. 18, 2023, 7:50 p.m.
Last updated Nov. 12, 2024, 11:53 a.m.
Headline Шифровальщики-вымогатели The Digest "Crypto-Ransomware"
Title Nemucod-7z
Detected Hints/Tags/Attributes 30/1/28
Source URLs
Redirection Url
Details Source http://id-ransomware.blogspot.com/2016/04/nemucod-7z-ransomware.html
URL Provider
Details Provider Source level domain
Details blogspot.com id-ransomware.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 132 
blockchain.info
Details Domain 162 
localbitcoins.com
Details Domain 1 
ujjwaljeweller.com
Details Domain 1 
topikriau.com
Details Domain 1 
yc4tuna.com
Details Domain 1 
yingyigood.com
Details Domain 1 
xn--oi2bq3ygphw3bbzh.com
Details Domain 1 
blog.jergensthebeautifuldifference.ca
Details Domain 1 
kalyonrobotik.com.tr
Details Domain 1 
bucataria-sylviei.ro
Details Domain 1 
sswboiler.com
Details Domain 1 
revspec.com
Details File 29 
decrypt.txt
Details File 133 
blockchain.inf
Details File 1 
%appdata%\desktop\decrypt.txt
Details File 1 
%userprofile%\desktop\decrypt.txt
Details File 1 
c:\user\pc\appdata\local\temp\a.txt
Details File 380 
notepad.exe
Details Url 4 
https://blockchain.info/wallet/new
Details Url 52 
https://localbitcoins.com/buy_bitcoins
Details Url 1 
http://ujjwaljeweller.com/counter/?a=***
Details Url 1 
http://topikriau.com/counter/?a=***
Details Url 1 
http://yc4tuna.com/counter/?a=***
Details Url 1 
http://yingyigood.com/counter/?a=***
Details Url 1 
http://xn--oi2bq3ygphw3bbzh.com/counter/?a=***
Details Windows Registry Key 3 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Crypted
Details Windows Registry Key 1 
HKCR\.crypted
Details Windows Registry Key 1 
HKCR\Crypted\shell\open\command