ioc[.]one - OSINT Cyber Threat Intelligence Database

Another Script-Based Ransomware - SANS Internet Storm Center

Tags

attack-pattern:

Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	9456c615-0178-421f-a162-da1447a90bd4
Fingerprint	8c23b0323c2002da
Analysis status	DONE
Considered CTI value	0
Text language
Published	Nov. 9, 2022, midnight
Added to db	Oct. 24, 2023, 1:35 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Internet Storm Center
Title	Another Script-Based Ransomware - SANS Internet Storm Center
Detected Hints/Tags/Attributes	32/1/11

Source URLs

	Redirection	Url
Details	Source	https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234

URL Provider

Details	Provider	Source level domain
Details	sans.edu	isc.sans.edu

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	372		wscript.shell
Details	Domain	19		base64dump.py
Details	Domain	2		8619f595a0bd.ngrok.io
Details	Domain	425		isc.sans.edu
Details	File	1208		powershell.exe
Details	File	18		base64dump.py
Details	File	4		read_me_now.htm
Details	sha256	3		8c8ed4631248343f8732a83193828471e005900fbaf144589d57f6900b9c8996
Details	Url	2		http://8619f595a0bd.ngrok.io/.
Details	Url	2		https://isc.sans.edu/diary/simple
Details	Url	3		https://isc.sans.edu/diary/a