GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel
Tags
country: United Arab Emirates Brazil Canada Nigeria France Iran Iraq Pakistan Israel Lebanon Myanmar Philippines South Africa Sudan
attack-pattern: Data Models Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 9e098607-19ff-499e-9375-69f937a76233
Fingerprint a4008890801aaa8c
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 3, 2023, 5:52 p.m.
Added to db Nov. 20, 2023, 12:13 a.m.
Last updated Nov. 16, 2024, 2:10 p.m.
Headline GhostSec: From Fighting ISIS to Possibly Targeting Israel with RaaS
Title GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel
Detected Hints/Tags/Attributes 102/2/37
Source URLs
Redirection Url
Details Source https://www.uptycs.com/blog/ghostlocker-ransomware-ghostsec
URL Provider
Details Provider Source level domain
Details uptycs.com www.uptycs.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 389 Uptycs Blog https://www.uptycs.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
cryptography.io
Details File 12 
watchdog.exe
Details File 1 
wuachost.exe
Details File 44 
readme.html
Details File 25 
http.html
Details File 1 
addacrypticmastera__main__a__module__auserconfiga__qualname__uchrome.exe
Details File 1 
adda__main__a__module__auserconfiga__qualname__uchrome.exe
Details sha1 1 
79a144bd95a43684c3c259e139200fb209ea8913
Details sha256 1 
0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
Details sha256 1 
4844f44c9de364377f574e4d6a8a77dc0b4d6a67f21ccbf693ac366e52eaa8cb
Details sha256 1 
65d3a922754af96d8d722859ac31f3de96522d50659c67607021f2ac728f9630
Details sha256 1 
15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80
Details sha256 1 
663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33
Details sha256 1 
a98f8468d70426ba255469a92d983d653f937d954e936e0ff5d9a0f44f1bdf70
Details sha256 1 
ee227cd0ef308287bc536a3955fd81388a16a0228ac42140e9cf308ae6343a3f
Details sha256 1 
7d37eddf0b101ff2b633b2ffe33580bdb993a97fecc06874d7b5b07119b9ec99
Details sha256 1 
7e14d88f60fe80f8fa27076566fd77e51c7d04674973a564202b4a7cbfaf2778
Details sha256 1 
9b6be74c2c144f8bcb92c8350855d35c14bb7f2b727551c3dd5c8054c4136e3f
Details sha256 1 
abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972
Details sha256 1 
4c09a012efff318b01a72199051815c5a7b920634fb6c76082673681f54f2ec3
Details IPv4 2 
88.218.61.141
Details IPv4 2 
88.218.62.219
Details IPv4 2 
195.2.79.117
Details Url 2 
http://88.218.61.141/add
Details Url 2 
https://cryptography.io/en/latest/fernet
Details Url 2 
http://88.218.62.219/download
Details Url 2 
http://88.218.62.219
Details Url 2 
https://88.218.62.219/download
Details Url 2 
http://88.218.62.219/downloadp
Details Url 2 
http://88.218.62.219/downloadastatus_codel
Details Url 1 
http://88.218.61.141/addacrypticmastera__main__a__module__auserconfiga__qualname__uchrome.exeaproces
Details Url 1 
http://88.218.61.141/adda__main__a__module__auserconfiga__qualname__uchrome.exeaprocessesuc
Details Url 2 
http://88.218.61.141
Details Url 2 
http://88.218.61.141/addp
Details Url 2 
http://88.218.61.141/incrementlaunchest
Details Url 2 
http://88.218.61.141/incrementlaunches
Details Url 2 
http://195.2.79.117