Magniber Ransomware Wants to Infect Only the Right People | Mandiant
Tags
| country: | South Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 9bc568b3-bebe-45b1-8675-9425bbfe8660 |
| Fingerprint | ac050959acba87fb |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 19, 2017, midnight |
| Added to db | Nov. 9, 2023, 12:17 a.m. |
| Last updated | Oct. 16, 2024, 2:51 a.m. |
| Headline | Magniber Ransomware Wants to Infect Only the Right People |
| Title | Magniber Ransomware Wants to Infect Only the Right People | Mandiant |
| Detected Hints/Tags/Attributes | 50/3/28 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 77 | cve-2016-0189 |
|
| Details | Domain | 1 | fastprofit.loan |
|
| Details | Domain | 1 | bankme.date |
|
| Details | Domain | 1 | jobsnot.services |
|
| Details | Domain | 1 | carefit.agency |
|
| Details | Domain | 1 | hotdisk.world |
|
| Details | Domain | 1 | 7o12813k90oggw10277.bankme.date |
|
| Details | Domain | 1 | 4bg8l9095z0287fm1j5.bankme.date |
|
| Details | Domain | 1 | j2a3y50mi0a487230v1.bankme.date |
|
| Details | Domain | 2 | fastprofit.me |
|
| Details | Domain | 1 | 3e37i982wb90j.fileice.services |
|
| Details | Domain | 1 | a3co5a8iab2x24g90.helpraw.schule |
|
| Details | Domain | 1 | 2i1f3aadm8k.putback.space |
|
| Details | Domain | 1 | 3ee9fuop6ta4d6d60bt.bankme.date |
|
| Details | Domain | 1 | 3ee9fuop6ta4d6d60bt.jobsnot.services |
|
| Details | Domain | 1 | 3ee9fuop6ta4d6d60bt.carefit.agency |
|
| Details | Domain | 1 | 3ee9fuop6ta4d6d60bt.hotdisk.world |
|
| Details | File | 1 | ihsdj.exe |
|
| Details | File | 2 | bankme.dat |
|
| Details | File | 1 | read_me_for_decrypt_xxxxxxxxxxxxxxxxxxx_.txt |
|
| Details | File | 18 | pcalua.exe |
|
| Details | File | 1 | %temp%\ihsdj.exe |
|
| Details | File | 1 | %temp%\read_me_for_decrypt_xxxxxxxxxxxxxxxxxxx_.txt |
|
| Details | File | 1 | c:\path\malware.exe |
|
| Details | md5 | 1 | dc2a2b84da359881b9df1ec31d03c715 |
|
| Details | Url | 1 | http://7o12813k90oggw10277.bankme.date/new1 |
|
| Details | Url | 1 | http://4bg8l9095z0287fm1j5.bankme.date/new0 |
|
| Details | Url | 1 | http://j2a3y50mi0a487230v1.bankme.date/end1 |