SilentShade
Tags
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID 7a1181d4-bccb-4298-8d29-ff5a04e29c45
Fingerprint 3c73383e46ef8637
Analysis status DONE
Considered CTI value 0
Text language
Published June 2, 2016, 12:12 p.m.
Added to db Jan. 18, 2023, 7:51 p.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline Encrypting Ransomware: The Digest "Crypto-Ransomware"
Title SilentShade
Detected Hints/Tags/Attributes 29/1/23
Attributes
Details Type #Events CTI Value
Details Domain 622
en.wikipedia.org
Details Domain 1
daftoraytg.com
Details Domain 396
protonmail.com
Details Domain 13
ru.wikipedia.org
Details Domain 62
icanhazip.com
Details Domain 707
google.com
Details Domain 1
www.icanhazip.com
Details Email 1
silentshades@protonmail.com
Details File 25
win.exe
Details File 1
hacked_read_me_to_decrypt_files.html
Details File 5
hacked.txt
Details File 1
yourid.txt
Details File 1
%userprofile%\appdata\roaming\microsoft\windows\start menu\programs\startup\win.exe
Details File 1
%userprofile%\appdata\roaming\microsoft\windows\start menu\programs\startup\hacked_read_me_to_decrypt_files.html
Details File 1
%userprofile%\appdata\roaming\windows\win.exe
Details IPv4 1441
127.0.0.1
Details Url 12
http://en.wikipedia.org/wiki/rsa_
Details Url 1
http://daftoraytg.com
Details Url 2
https://ru.wikipedia.org/wiki/rsa
Details Url 7
http://icanhazip.com
Details Windows Registry Key 582
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 164
HKLM\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 13
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System