Thanatos
Tags
attack-pattern: Data Software - T1592.002
Common Information
Type Value
UUID 91a9df35-8abe-4b60-85d9-0a58a7caadbe
Fingerprint 3e67557f14744a7a
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 17, 2018, 1 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Ransomware Encryptors The Digest "Crypto-Ransomware"
Title Thanatos
Detected Hints/Tags/Attributes 17/1/17
Attributes
Type | #Events | CTI Value | Attribute
Domain | 246 | | mail.ru
Domain | 112 | | cdn.discordapp.com
Domain | 14 | | iplogger.com
Domain | 155 | | yandex.com
Domain | 119 | | yandex.ru
Domain | 1174 | | gmail.com
Email | 1 | | c-m58@mail.ru
Email | 2 | | thanatos1.1@yandex.com
Email | 1 | | shadowbrokers@yandex.ru
Email | 1 | | de.picocode@gmail.com
File | 367 | | readme.txt
File | 2 | | fastleafdecay.exe
File | 33 | | c:\windows\system32\notepad.exe
File | 3 | | %userprofile%\desktop\readme.txt
File | 2 | | thanatosdecryptor.exe
Pdb | 1 | | thanatos.pdb
Windows Registry Key | 582 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run