Hakbit, Thanos
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 96ea3926-d730-43fe-9dfe-581598f06163 |
| Fingerprint | 16375bff76b51851 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 4, 2019, 6:31 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | Hakbit, Thanos |
| Detected Hints/Tags/Attributes | 73/2/186 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2019/11/hakbit-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 42 | www.coinbase.com |
|
| Details | Domain | 162 | localbitcoins.com |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 47 | checkip.dyndns.org |
|
| Details | Domain | 1 | hakbit.hostingerapp.com |
|
| Details | Domain | 1 | hakbit.000webhostapp.com |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 74 | discord.gg |
|
| Details | Domain | 3 | files.000webhost.com |
|
| Details | Domain | 1 | trojan.heur.dnp |
|
| Details | Domain | 1 | movavi.video.editor.plus |
|
| Details | Domain | 1 | rsload.net |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 12 | secmail.pro |
|
| Details | Domain | 246 | mail.ru |
|
| Details | Domain | 99 | qq.com |
|
| Details | Domain | 1 | firemail.com |
|
| Details | Domain | 24 | rape.lol |
|
| Details | Domain | 37 | xmpp.jp |
|
| Details | Domain | 1 | asiarecovery.ir |
|
| Details | Domain | 1 | recoverygroup.at |
|
| Details | Domain | 84 | airmail.cc |
|
| Details | Domain | 5 | mail.ch |
|
| Details | Domain | 1 | prometheus.help |
|
| Details | Domain | 89 | protonmail.ch |
|
| Details | Domain | 1 | sonarmsniko2lvfu.onion |
|
| Details | Domain | 1 | ransom.win32.thanos.sm |
|
| Details | Domain | 2 | ransom.msil.thanos.sm |
|
| Details | Domain | 46 | firemail.cc |
|
| Details | Domain | 4 | hitler.rocks |
|
| Details | Domain | 83 | tuta.io |
|
| Details | Domain | 42 | rambler.ru |
|
| Details | Domain | 35 | tutamail.com |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 8 | aliyun.com |
|
| Details | Domain | 287 | yahoo.com |
|
| Details | Domain | 167 | tutanota.com |
|
| Details | Domain | 14 | criptext.com |
|
| Details | Domain | 14 | outlookpro.net |
|
| Details | Domain | 1 | trojan.mardom.mn |
|
| Details | Domain | 15 | malware.ai |
|
| Details | Domain | 2 | thanos.pa |
|
| Details | Domain | 62 | icanhazip.com |
|
| Details | Domain | 1 | sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid.onion |
|
| Details | Domain | 2 | thanos.mk |
|
| Details | Domain | 1 | robinhoodleaks.tumblr.com |
|
| Details | Domain | 42 | msgsafe.io |
|
| Details | Domain | 1 | malwarebytesmalware.ai |
|
| Details | Domain | 1 | hakbit.sk |
|
| Details | Domain | 1 | trendmicroransom.msil.thanos.sm |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | 2 | hakbit@protonmail.com |
||
| Details | 1 | servo99@protonmail.com |
||
| Details | 1 | servo33@protonmail.com |
||
| Details | 1 | recoba90@protonmail.com |
||
| Details | 1 | timepay@protonmail.com |
||
| Details | 1 | mheist5@protonmail.com |
||
| Details | 1 | l1u1t1@secmail.pro |
||
| Details | 2 | josephnull@secmail.pro |
||
| Details | 2 | energy[potentialenergy@mail.ru |
||
| Details | 2 | potentialenergy@mail.ru |
||
| Details | 2 | milleni5000@qq.com |
||
| Details | 1 | suppforunl@firemail.com |
||
| Details | 1 | suppforunl@rape.lol |
||
| Details | 1 | suppforunl@xmpp.jp |
||
| Details | 1 | datarecovery@asiarecovery.ir |
||
| Details | 1 | yourdata@recoverygroup.at |
||
| Details | 1 | workplus111@protonmail.com |
||
| Details | 1 | worker400@airmail.cc |
||
| Details | 1 | secure[milleni5000@qq.com |
||
| Details | 2 | prom[prometheushelp@mail.ch |
||
| Details | 1 | prometheushelp@mail.ch |
||
| Details | 1 | prometheushelp@airmail.cc |
||
| Details | 1 | prometheus.help@protonmail.ch |
||
| Details | 1 | filesrestore000@airmail.cc |
||
| Details | 1 | harditem@firemail.cc |
||
| Details | 1 | harditem@hitler.rocks |
||
| Details | 1 | harditem@xmpp.jp |
||
| Details | 1 | id-xxxxxxxx].[killerworm@tuta.io |
||
| Details | 1 | killerworm@tuta.io |
||
| Details | 1 | zerowhite@tuta.io |
||
| Details | 1 | id-xxxxxxxx].[kingkong2@tuta.io |
||
| Details | 1 | kingkong2@tuta.io |
||
| Details | 1 | decoder44@rambler.ru |
||
| Details | 1 | alpinbovuar@protonmail.com |
||
| Details | 1 | id-215cfe80].[kingkong2@tuta.io |
||
| Details | 1 | 1bmx1@tuta.io |
||
| Details | 1 | id-c4ba3456].[black_privat@tuta.io |
||
| Details | 1 | black_privat@tuta.io |
||
| Details | 1 | darkseid@tutamail.com |
||
| Details | 1 | id-de792345].[john2wick@tuta.io |
||
| Details | 1 | john2wick@tuta.io |
||
| Details | 1 | black_private@tuta.io |
||
| Details | 2 | tiberiano@aol.com |
||
| Details | 1 | secure[irrelevantly@aliyun.com |
||
| Details | 1 | irrelevantly@aliyun.com |
||
| Details | 5 | willettamoffat@yahoo.com |
||
| Details | 1 | id-c4ba3647].[kingstonbtc@tutanota.com |
||
| Details | 1 | kingstonbtc@tutanota.com |
||
| Details | 1 | pandabit@tuta.io |
||
| Details | 2 | jeremy.albright@criptext.com |
||
| Details | 1 | id-9c759153].[pingp0ng@tuta.io |
||
| Details | 1 | pingp0ng@tuta.io |
||
| Details | 1 | on1ine@tuta.io |
||
| Details | 1 | cyber@outlookpro.net |
||
| Details | 1 | id-8c639be9].[detect0r@tuta.io |
||
| Details | 1 | detect0r@tuta.io |
||
| Details | 1 | steriok12132@tutanota.com |
||
| Details | 1 | kukajamba@tutanota.com |
||
| Details | 1 | bugagaga@tuta.io |
||
| Details | 1 | bloody7@tuta.io |
||
| Details | 1 | secure820@msgsafe.io |
||
| Details | 1 | secure822@msgsafe.io |
||
| Details | 1 | id-2a257xxx].[blackcat7@tuta.io |
||
| Details | 1 | ranshelp21@tutanota.com |
||
| Details | 1 | araihelp@secmail.pro |
||
| Details | 1 | araihelp2@secmail.pro |
||
| Details | File | 199 | firefox.exe |
|
| Details | File | 3 | chrome32.exe |
|
| Details | File | 2 | opera32.exe |
|
| Details | File | 53 | server.exe |
|
| Details | File | 69 | client.exe |
|
| Details | File | 73 | trojan.msi |
|
| Details | File | 25 | ransom.msi |
|
| Details | File | 2 | help_me_recover_my_files.txt |
|
| Details | File | 7 | wallpaper.bmp |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\lsass.exe |
|
| Details | File | 1 | qaopj445.exe |
|
| Details | File | 1 | ijxvw3i4.exe |
|
| Details | File | 1 | 013.jpg |
|
| Details | File | 2 | sharpexec_x64.exe |
|
| Details | File | 2 | sharpexec_x86.exe |
|
| Details | File | 1 | gozde.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 208 | setup.exe |
|
| Details | File | 6 | lol.exe |
|
| Details | File | 2 | 2996.txt |
|
| Details | File | 1 | tapjoy.exe |
|
| Details | File | 1 | client-4.exe |
|
| Details | File | 1 | client-0.exe |
|
| Details | File | 1 | editor.pl |
|
| Details | File | 108 | 0.exe |
|
| Details | File | 55 | dwm.exe |
|
| Details | File | 172 | dllhost.exe |
|
| Details | File | 1 | help_me_my_files_not_make_public.txt |
|
| Details | File | 1 | buddingpulvers.exe |
|
| Details | File | 1 | client-17.exe |
|
| Details | File | 4 | heur.msi |
|
| Details | File | 1 | deal_for_access_to_your_files.txt |
|
| Details | File | 1 | how_to_decypher_files_login.txt |
|
| Details | File | 3 | how_to_decypher_files.txt |
|
| Details | File | 1 | pulpit1.exe |
|
| Details | File | 7 | restore_files_info.txt |
|
| Details | File | 18 | trojanspy.msi |
|
| Details | File | 1 | zaudrshare.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 2 | how_to_recover_your_files.txt |
|
| Details | File | 13 | instruction.txt |
|
| Details | File | 2 | инструкция.txt |
|
| Details | File | 2 | kingdee.exe |
|
| Details | File | 1 | farkos.csv |
|
| Details | File | 1 | farkos.cs |
|
| Details | File | 18 | trojan-ransom.msi |
|
| Details | File | 2 | worker-0.exe |
|
| Details | File | 4 | decrypt_info.txt |
|
| Details | File | 1 | ie8juajp7.exe |
|
| Details | File | 15 | malware.ai |
|
| Details | File | 122 | psexec.exe |
|
| Details | File | 118 | sc.exe |
|
| Details | File | 1 | lighthouse.jpg |
|
| Details | File | 1 | robinhoodleaks.tum |
|
| Details | File | 1 | rdm.msi |
|
| Details | File | 1 | restore_them.txt |
|
| Details | File | 6 | txt.exe |
|
| Details | File | 1 | malwarebytesmalware.ai |
|
| Details | File | 4 | db.exe |
|
| Details | File | 1 | trendmicroransom.msi |
|
| Details | File | 1 | read_to_restore_your_files.txt |
|
| Details | Github username | 1 | anthemtotheego |
|
| Details | md5 | 1 | ce2d158047d9ad9398d8c3135c45c9d0 |
|
| Details | Pdb | 1 | sharpexec.pdb |
|
| Details | Url | 21 | https://www.coinbase.com |
|
| Details | Url | 33 | https://localbitcoins.com |
|
| Details | Url | 1 | https://discord.gg/zfegdm2 |
|
| Details | Url | 1 | ftp://files.000webhost.com/public_html |