ioc[.]one - OSINT Cyber Threat Intelligence Database

Malware-Traffic-Analysis.net - 2017-01-17 - EITest Rig-V from 92.53.127.86 sends Spora ransomware

Tags

attack-pattern:

Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001

Show in Graph

Common Information

Type	Value
UUID	a02c7880-a8b6-4caf-93b3-8bdb24f12ab1
Fingerprint	f5b4b12e7e2d84d3
Analysis status	DONE
Considered CTI value	0
Text language
Published	Jan. 17, 2017, midnight
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Sept. 4, 2024, 3:11 a.m.
Headline	UNKNOWN
Title	Malware-Traffic-Analysis.net - 2017-01-17 - EITest Rig-V from 92.53.127.86 sends Spora ransomware
Detected Hints/Tags/Attributes	31/1/19

Source URLs

	Redirection	Url
Details	Source	http://malware-traffic-analysis.net/2017/01/17/index2.html

URL Provider

Details	Provider	Source level domain
Details	malware-traffic-analysis.net	malware-traffic-analysis.net

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		2017-01-17-eitest-rig-v-sends-spora-ransomware.pcap.zip
Details	Domain	1		2017-01-17-eitest-rig-v-sends-spora-malware-and-artifacts.zip
Details	Domain	1		2017-01-17-page-from-naturalhealthonline.com
Details	Domain	4		spora.bz
Details	Domain	1		naturalhealthonline.com
Details	Domain	1		zome.aplusengineering-gr.com
Details	File	38		pcap.zip
Details	File	1		2017-01-17-eitest-rig-v-sends-spora-malware-and-artifacts.zip
Details	File	1		2017-01-17-eitest-rig-v-flash-exploit.swf
Details	File	1		2017-01-17-eitest-rig-v-landing-page.txt
Details	File	1		2017-01-17-eitest-rig-v-payload-spora-ransomware-radfcdcc.tmp
Details	File	1		2017-01-17-spora-ransomware-us20d-abcde-abcde-abcde.html
Details	File	1		2017-01-17-spora-ransomware-payment-page.html
Details	File	1		com-with-injected-eitest-script.txt
Details	File	1		radfcdcc.tmp
Details	sha256	1		7ef95283a46424a4c8db0d00601f8369831c29d748c6d4dccbf6620dd7558c1c
Details	sha256	1		2637247ad66e6e57a68093528bb137c959cdbb438764318f09326fc8a79bdaaf
Details	IPv4	2		92.53.127.86
Details	IPv4	3		186.2.161.51