RansomHub Ransomware IOCs - II - SEC-1275-1
Tags
| attack-pattern: | Confluence - T1213.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 960e87bd-a6a3-40e4-8bea-2b3721649b6d |
| Fingerprint | 4b31f5d7198fa86a |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 17, 2024, midnight |
| Added to db | Sept. 17, 2024, 10:03 a.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | RansomHub Ransomware IOCs - II |
| Title | RansomHub Ransomware IOCs - II - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 25/1/184 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/3940/ransomhub-ransomware-iocs-ii/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | samuelelena.co |
|
| Details | Domain | 32 | temp.sh |
|
| Details | Domain | 2 | 12301230.co |
|
| Details | Domain | 3 | 40031.co |
|
| Details | Domain | 7 | grabify.link |
|
| Details | Domain | 14 | ibb.co |
|
| Details | Domain | 2 | ibb.com |
|
| Details | File | 2 | amba16.ico |
|
| Details | File | 52 | bcrypt.dll |
|
| Details | File | 25 | cryptsp.dll |
|
| Details | File | 2 | newofficialprogramcauseofnewupdate.exe |
|
| Details | File | 2 | newofficialprogramcauseofnewupdate.ini |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 11 | 10.exe |
|
| Details | File | 10 | 12.exe |
|
| Details | File | 59 | 2.exe |
|
| Details | File | 2 | 2wrrr6sw6xjtsxypzuhwhdg7qwn4es.exe |
|
| Details | File | 50 | 3.exe |
|
| Details | File | 25 | 4.exe |
|
| Details | File | 29 | 5.exe |
|
| Details | File | 12 | 6.exe |
|
| Details | File | 38 | 7.exe |
|
| Details | File | 17 | 8.exe |
|
| Details | File | 11 | 9.exe |
|
| Details | File | 2 | 92.exe |
|
| Details | File | 2 | ambapdf.ico |
|
| Details | File | 16 | cabinet.dll |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 3 | cryptnet.dll |
|
| Details | File | 2 | cv4tcgxujvs.exe |
|
| Details | File | 4 | dpapi.dll |
|
| Details | File | 7 | resources.dll |
|
| Details | File | 3 | resources.exe |
|
| Details | File | 16 | iertutil.dll |
|
| Details | File | 25 | information.exe |
|
| Details | File | 2 | information.ini |
|
| Details | File | 53 | iphlpapi.dll |
|
| Details | File | 48 | mshtml.dll |
|
| Details | File | 40 | msi.dll |
|
| Details | File | 20 | sspicli.dll |
|
| Details | File | 2 | tmsla6kdcu8jxkzpmvbuvwetef5ycr.exe |
|
| Details | File | 50 | urlmon.dll |
|
| Details | File | 37 | userenv.dll |
|
| Details | File | 6 | webio.dll |
|
| Details | File | 34 | winhttp.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 39 | winmm.dll |
|
| Details | File | 3 | winmmbase.dll |
|
| Details | File | 4 | winnlsres.dll |
|
| Details | File | 2 | xwenxub285p83ecrzvft.exe |
|
| Details | File | 218 | min.js |
|
| Details | File | 4 | tripadvisor.js |
|
| Details | File | 2 | superloop.exe |
|
| Details | File | 2 | tripadvisor.css |
|
| Details | File | 2 | 112882618.png |
|
| Details | File | 2 | 2773036704.png |
|
| Details | File | 2 | 2615174623.png |
|
| Details | File | 2 | 2077411869.png |
|
| Details | File | 2 | 534475006.png |
|
| Details | File | 2 | 2501108160.png |
|
| Details | File | 2 | 2681232755.png |
|
| Details | File | 2 | 1038436121.png |
|
| Details | File | 2 | 369210627.png |
|
| Details | File | 2 | 1154761258.png |
|
| Details | File | 2 | 2113791011.png |
|
| Details | IPv4 | 3 | 188.34.188.7 |
|
| Details | IPv4 | 2 | 193.106.175.107 |
|
| Details | IPv4 | 2 | 193.124.125.78 |
|
| Details | IPv4 | 2 | 193.233.254.21 |
|
| Details | IPv4 | 2 | 45.134.140.69 |
|
| Details | IPv4 | 2 | 45.135.232.2 |
|
| Details | IPv4 | 2 | 45.95.67.41 |
|
| Details | IPv4 | 2 | 8.211.2.97 |
|
| Details | IPv4 | 4 | 89.23.96.203 |
|
| Details | Mandiant Temporary Group Assumption | 18 | TEMP.SH |
|
| Details | Url | 2 | http://188.34.188.7/555 |
|
| Details | Url | 2 | http://188.34.188.7/555/amba16.ico |
|
| Details | Url | 2 | http://188.34.188.7/555/bcrypt.dll |
|
| Details | Url | 2 | http://188.34.188.7/555/cryptsp.dll |
|
| Details | Url | 2 | http://188.34.188.7/555/en |
|
| Details | Url | 2 | http://188.34.188.7/555/en-us |
|
| Details | Url | 2 | http://188.34.188.7/555/newofficialprogramcauseofnewupdate.exe |
|
| Details | Url | 2 | http://188.34.188.7/555/newofficialprogramcauseofnewupdate.exe.config |
|
| Details | Url | 2 | http://188.34.188.7/555/newofficialprogramcauseofnewupdate.ini |
|
| Details | Url | 2 | http://89.23.96.203 |
|
| Details | Url | 2 | http://89.23.96.203/333 |
|
| Details | Url | 2 | http://89.23.96.203/333/1.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/1.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/10.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/12.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/12.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/2.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/2.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/2wrrr6sw6xjtsxypzuhwhdg7qwn4es.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/2wrrr6sw6xjtsxypzuhwhdg7qwn4es.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/3.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/3.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/4.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/4.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/5.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/5.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/6.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/7.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/8.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/9.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/92.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/ambapdf.ico |
|
| Details | Url | 2 | http://89.23.96.203/333/ambapdf.ico.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/bcrypt.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/cabinet.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/cryptbase.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/cryptnet.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/cryptsp.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/cv4tcgxujvs.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/dpapi.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/en |
|
| Details | Url | 2 | http://89.23.96.203/333/en/d字字.resources.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/en/d字字.resources.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/en/d字字.resources/d字字.resources.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/en/d字字.resources/d字字.resources.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/en-us |
|
| Details | Url | 2 | http://89.23.96.203/333/en-us/d字字.resources.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/en-us/d字字.resources.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/en-us/d字字.resources/d字字.resources.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/en-us/d字字.resources/d字字.resources.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/iertutil.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/information.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/information.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/information.ini |
|
| Details | Url | 2 | http://89.23.96.203/333/iphlpapi.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/mshtml.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/msi.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/sspicli.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/tmsla6kdcu8jxkzpmvbuvwetef5ycr.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/tmsla6kdcu8jxkzpmvbuvwetef5ycr.exe.config |
|
| Details | Url | 2 | http://89.23.96.203/333/urlmon.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/userenv.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/webio.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/winhttp.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/wininet.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/winmm.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/winmmbase.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/winnlsres.dll |
|
| Details | Url | 2 | http://89.23.96.203/333/xwenxub285p83ecrzvft.exe |
|
| Details | Url | 2 | http://89.23.96.203/333/xwenxub285p83ecrzvft.exe.config |
|
| Details | Url | 2 | http://samuelelena.co |
|
| Details | Url | 2 | http://samuelelena.co/npm |
|
| Details | Url | 2 | http://samuelelena.co/npm/module.external/client.min.js |
|
| Details | Url | 2 | http://samuelelena.co/npm/module.external/jquery.min.js |
|
| Details | Url | 2 | http://samuelelena.co/npm/module.tripadvisor/module.tripadvisor.js |
|
| Details | Url | 2 | http://samuelelena.co:443 |
|
| Details | Url | 2 | http://temp.sh/kncqd/superloop.exe |
|
| Details | Url | 2 | https://12301230.co/npm/module.external/client.min.js |
|
| Details | Url | 2 | https://12301230.co/npm/module.external/jquery.min.js |
|
| Details | Url | 2 | https://12301230.co/npm/module.external/moment.min.js |
|
| Details | Url | 2 | https://12301230.co/npm/module.tripadvisor/module.tripadvisor.css |
|
| Details | Url | 2 | https://12301230.co/npm/module.tripadvisor/module.tripadvisor.js |
|
| Details | Url | 2 | https://40031.co/npm/module.external/client.min.js |
|
| Details | Url | 2 | https://40031.co/npm/module.external/jquery.min.js |
|
| Details | Url | 2 | https://40031.co/npm/module.external/moment.min.js |
|
| Details | Url | 2 | https://40031.co/npm/module.tripadvisor/module.tripadvisor.css |
|
| Details | Url | 2 | https://40031.co/npm/module.tripadvisor/module.tripadvisor.js |
|
| Details | Url | 2 | https://grabify.link/y33yxp |
|
| Details | Url | 2 | https://i.ibb.co/2kbydfw/112882618.png |
|
| Details | Url | 2 | https://i.ibb.co/4g6jh2j/2773036704.png |
|
| Details | Url | 2 | https://i.ibb.co/b1bzbpg/2615174623.png |
|
| Details | Url | 2 | https://i.ibb.co/fxhyq6t/2077411869.png |
|
| Details | Url | 2 | https://i.ibb.co/hk0jv1g/534475006.png |
|
| Details | Url | 2 | https://i.ibb.co/nbmnnw4/2501108160.png |
|
| Details | Url | 2 | https://i.ibb.co/p1rctpy/2681232755.png |
|
| Details | Url | 2 | https://i.ibb.co/sxqlwym/1038436121.png |
|
| Details | Url | 2 | https://i.ibb.co/v1bn9zk/369210627.png |
|
| Details | Url | 2 | https://i.ibb.co/v3kj1c2/1154761258.png |
|
| Details | Url | 2 | https://i.ibb.co/x2fr8kz/2113791011.png |
|
| Details | Url | 2 | https://i.ibb.com:443/v3kj1c2/1154761258.png |
|
| Details | Url | 2 | https://samuelelena.co |
|
| Details | Url | 2 | https://samuelelena.co/np |
|
| Details | Url | 2 | https://samuelelena.co/npm |
|
| Details | Url | 2 | https://samuelelena.co/npm/module.external |
|
| Details | Url | 4 | https://samuelelena.co/npm/module.external/client.min.js |
|
| Details | Url | 4 | https://samuelelena.co/npm/module.external/jquery.min.js |
|
| Details | Url | 4 | https://samuelelena.co/npm/module.external/moment.min.js |
|
| Details | Url | 2 | https://samuelelena.co/npm/module.tripadvisor/module.tripadvisor |
|
| Details | Url | 4 | https://samuelelena.co/npm/module.tripadvisor/module.tripadvisor.js |