Xorist-Frozen
Tags
attack-pattern: Data Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 953f13f9-b31a-4da5-a359-00bef576b5d0
Fingerprint c9b47fb912d0e36
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 2, 2018, 12:12 p.m.
Added to db Jan. 18, 2023, 7:53 p.m.
Last updated Nov. 12, 2024, 11:51 a.m.
Headline Шифровальщики-вымогатели The Digest "Crypto-Ransomware"
Title Xorist-Frozen
Detected Hints/Tags/Attributes 30/1/23
Source URLs
Redirection Url
Details Source http://id-ransomware.blogspot.com/2018/02/xorist-frozen-ransomware.html
URL Provider
Details Provider Source level domain
Details blogspot.com id-ransomware.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 12 
scryptmail.com
Details Domain 2 
www.localbitcoin.com
Details Domain 8 
coinatmradar.com
Details Domain 25 
www.localbitcoins.com
Details Domain 144 
cock.li
Details Domain 167 
tutanota.com
Details Email 1 
frozen_service_security@scryptmail.com
Details Email 1 
payment_confirmation@scryptmail.com
Details Email 1 
email_decryptor_payment@scryptmail.com
Details Email 1 
repair_data@scryptmail.com
Details Email 2 
id-f25e5de4.[worldcry@cock.li
Details Email 1 
fsa2018@scryptmail.com
Details Email 1 
restore_service@scryptmail.com
Details Email 1 
restore_service99@scryptmail.com
Details Email 1 
ineedmoney12@tutanota.com
Details File 140 
files.txt
Details File 10 
worker.exe
Details Url 4 
https://coinatmradar.com
Details Url 2 
https://www.localbitcoins.com
Details Windows Registry Key 1 
HKEY_CLASSES_ROOT\....PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_to_make_the_payment
Details Windows Registry Key 1 
HKEY_CLASSES_ROOT\CUJVMVYCURZLZNO
Details Windows Registry Key 1 
HKEY_CLASSES_ROOT\CUJVMVYCURZLZNO\DefaultIcon
Details Windows Registry Key 1 
HKEY_CLASSES_ROOT\CUJVMVYCURZLZNO\shell\open\command