GandCrab-3
Tags
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 8f33d7ec-5f2a-49a9-998d-e88af5dc010e |
| Fingerprint | a26759be10142ada |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 28, 2018, 4:22 a.m. |
| Added to db | Jan. 18, 2023, 7:54 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | GandCrab-3 |
| Detected Hints/Tags/Attributes | 32/1/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2018/04/gandcrab-3-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 179 | www.torproject.org |
|
| Details | Domain | 1 | psi-im.org |
|
| Details | Domain | 4 | sj.ms |
|
| Details | Domain | 1 | www.sfu.ca |
|
| Details | Domain | 2 | gandcrab2pie73et.onion |
|
| Details | Domain | 4 | ns2.wowservers.ru |
|
| Details | Domain | 4 | ns1.wowservers.ru |
|
| Details | Domain | 12 | ipv4bot.whatismyipaddress.com |
|
| Details | Domain | 1 | financialbroker.gq |
|
| Details | Domain | 1 | rated.dadsrnp.xyz |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 1 | my-dhl-invoice.top |
|
| Details | 2 | ransomware@sj.ms |
||
| Details | File | 1 | toalatspring.exe |
|
| Details | File | 8 | crab-decrypt.txt |
|
| Details | File | 26 | register.php |
|
| Details | File | 1 | psi_jabber_pc.pdf |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | jin.exe |
|
| Details | File | 33 | nslookup.exe |
|
| Details | File | 1 | kiqdsc.exe |
|
| Details | File | 1 | kssbel.exe |
|
| Details | File | 22 | apphelp.dll |
|
| Details | File | 1 | %appdata%\microsoft\kiqdsc.exe |
|
| Details | File | 1 | %appdata%\microsoft\kssbel.exe |
|
| Details | File | 2 | %windir%\system32\apphelp.dll |
|
| Details | File | 1 | resume.js |
|
| Details | File | 4 | pidor.bmp |
|
| Details | File | 1 | rt0fv0ph.exe |
|
| Details | File | 1 | nhkaro.exe |
|
| Details | File | 1 | dhl_invoice_18553.doc |
|
| Details | IPv4 | 2 | 94.249.60.127 |
|
| Details | IPv4 | 15 | 66.171.248.178 |
|
| Details | IPv4 | 1 | 95.153.32.6 |
|
| Details | Url | 63 | https://www.torproject.org |
|
| Details | Url | 1 | https://psi-im.org/download |
|
| Details | Url | 1 | http://sj.ms/register.php |
|
| Details | Url | 1 | http://www.sfu.ca/jabber/psi_jabber_pc.pdf |