Fantom Ransomware Encrypts your Files while pretending to be Windows Update
Common Information
Type Value
UUID a27a06d1-3da0-42ba-8735-fa4453e396d4
Fingerprint 957628f33ba418d4
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 25, 2016, midnight
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 11, 2024, 8:20 a.m.
Headline Fantom Ransomware Encrypts your Files while pretending to be Windows Update
Title Fantom Ransomware Encrypts your Files while pretending to be Windows Update
Detected Hints/Tags/Attributes 65/1/22
Attributes
Type                  #Events  CTI  Value
Domain                119           yandex.ru
Domain                4             techemail.com
Domain                2             powertoolsforyou.com
Domain                2             templatesupdates.dlinkddns.com
Email                 3             fantomd12@yandex.ru
Email                 3             fantom12@techemail.com
File                  26            windowsupdate.exe
File                  1             apple.jpg
File                  8             decrypt_your_files.html
File                  2             %userprofile%\2d5s8g4ed.jpg
File                  2             fantom1.jpg
File                  3             %appdata%\delback.bat
File                  24            update.bat
File                  2             %userprofile%\how to decrypt your files.jpg
File                  10            stats.php
File                  2             fksgieksi.php
sha256                2             f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
Url                   1             http://content.screencast.com/users/gurudrag/folders/default/media/9289aabe-7b4a-4c7f-b3bb-bdf3407e7a2f/fantom1.jpg
Url                   1             http://powertoolsforyou.com/themes/prestashop/cache/stats.php
Url                   1             http://templatesupdates.dlinkddns.com/falssk/fksgieksi.php
Windows Registry Key  37            HKCU\Control
Windows Registry Key  13            HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System