FTCODE Ransomware: New Version can Steal Data | Zscaler Blog
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 9ef56bd2-d7e1-41b7-a4b6-adee09e35ef3 |
| Fingerprint | ac15a14a0ddfa38f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 16, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Oct. 30, 2024, 2:07 p.m. |
| Headline | FTCODE Ransomware — New Version Includes Stealing Capabilities |
| Title | FTCODE Ransomware: New Version can Steal Data | Zscaler Blog |
| Detected Hints/Tags/Attributes | 40/2/47 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | kind.its1ofakind.com |
|
| Details | Domain | 1 | luigicafagna.it |
|
| Details | Domain | 2 | home.southerntransitions.net |
|
| Details | Domain | 1 | nomi.tugnutz.com |
|
| Details | Domain | 1 | home.ktxhome.com |
|
| Details | Domain | 1 | dhol.rkeindustries.net |
|
| Details | Domain | 1 | way.securewebgateway.com |
|
| Details | Domain | 1 | stats.thomasmargiotti.com |
|
| Details | Domain | 1 | pups.pupusas.net |
|
| Details | Domain | 1 | print.impressnaples.com |
|
| Details | Domain | 1 | print.impress-screen-printing.com |
|
| Details | Domain | 1 | power.hagertyquote.com |
|
| Details | Domain | 1 | men.unifiedthreatmanagementutm.com |
|
| Details | Domain | 1 | ese.emarv.com |
|
| Details | Domain | 1 | ehuxmtkxmdqy.top |
|
| Details | Domain | 2 | connect.simplebutmatters.com |
|
| Details | Domain | 1 | connect.heritageagencies.com |
|
| Details | Domain | 1 | ceco.heritageins.co |
|
| Details | Domain | 1 | cdn.danielrmurray.com |
|
| Details | Domain | 1 | bxfmmtkxmdqy.top |
|
| Details | Domain | 1 | biz.lotsofbiz.com |
|
| Details | Domain | 1 | amq1mtkxmdqy.top |
|
| Details | Domain | 1 | ahmwmtkxmdqy.top |
|
| Details | Domain | 1 | agvlmtkxmtq4.top |
|
| Details | Domain | 1 | agvlmtkxmdqy.top |
|
| Details | File | 1 | %public%\libraries\windowsindexingservice.vbs |
|
| Details | File | 1 | windowsindexingservice.vbs |
|
| Details | File | 1 | %temp%\quanto00.tmp |
|
| Details | File | 1 | %public%\oraclekit\w00log03.tmp |
|
| Details | File | 2 | w00log03.tmp |
|
| Details | File | 1 | quanto00.tmp |
|
| Details | File | 4 | read_me_now.htm |
|
| Details | md5 | 13 | 9375CFF0413111d3B88A00104B2A6676 |
|
| Details | md5 | 1 | d597ea78067725ae05a3432a9088caae |
|
| Details | md5 | 1 | f96253923e833362ecac97729d528f8c |
|
| Details | md5 | 1 | cc0f64afa3101809b549cc5630bbd948 |
|
| Details | md5 | 1 | 328ce454698307f976baa909e5c646c7 |
|
| Details | md5 | 1 | 71a8d8c0543a99b8791e1cfaeeeb9211 |
|
| Details | md5 | 1 | f0aa45bb9dd09cfac9d93427a8f5c72c |
|
| Details | md5 | 1 | d6da191bfc5966dd4262376603d4e8c1 |
|
| Details | md5 | 1 | cc5946ce893ff37ace8de210923467a2 |
|
| Details | md5 | 1 | 7f5bb4529b95a872a916cc24b155c4cc |
|
| Details | md5 | 1 | edd5fbe846fa51f3b555185627d0d6c5 |
|
| Details | md5 | 1 | a2e88f9486cc838eae038a8ba32352f3 |
|
| Details | md5 | 1 | eab63ee2434417bc46466df07dc6b5b5 |
|
| Details | md5 | 1 | fd46c05b99d00e11d34b93eae2c7ff2b |
|
| Details | md5 | 1 | 98d2221445c2c8528cef06e4ef3c9e36 |