Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants
Tags
cmtmf-attack-pattern: Masquerading; Obfuscated Files Or Information; Process Injection
country: Australia
attack-pattern: Direct; Archive Collected Data - T1560; Archive Collected Data - T1532; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Domains - T1583.001; Domains - T1584.001; Email Addresses - T1589.002; Encrypted Channel - T1521; Encrypted Channel - T1573; Replication Through Removable Media - T1458; File And Directory Discovery - T1420; Hidden Files And Directories - T1564.001; Input Capture - T1417; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Process Injection - T1631; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Software Packing - T1027.002; Software Packing - T1406.002; Virtualization/Sandbox Evasion - T1497; Tool - T1588.002; Virtualization/Sandbox Evasion - T1633; Connection Proxy - T1090; File And Directory Discovery - T1083; Hidden Files And Directories - T1158; Input Capture - T1056; Masquerading - T1036; Obfuscated Files Or Information - T1027; Peripheral Device Discovery - T1120; Process Discovery - T1057; Process Injection - T1055; Replication Through Removable Media - T1091; Security Software Discovery - T1063; Software Packing - T1045; System Information Discovery - T1082; System Time Discovery - T1124; Taint Shared Content - T1080; Masquerading; Replication Through Removable Media
Common Information
Type Value
UUID a580c60e-5091-40be-adaa-b44decf1a433
Fingerprint a63098db0e778609
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 24, 2023, 3 p.m.
Added to db Oct. 24, 2023, 1:14 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Discovering the ADHUBLLKA Ransomware Family: Tracing the Roots of LOLKEK, BIT, OBZ, U2K, TZW Variants
Title Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants
Detected Hints/Tags/Attributes 104/3/119
Attributes
Type                     #Events  CTI Value
Domain                   3        mmcbkgua72og66w4jz3qcxkkhefax754pg6iknmtfujvkt2j65ffraad.onion
Domain                   12       yip.su
Domain                   1        helpqvrg3cc5mvb3.onion
Domain                   1        bit7.freshdesk.com
Domain                   144      cock.li
Domain                   2        alcx6zctcmhmn3kx.onion
Domain                   2        decrmbgpvh6kvmti.onion
Domain                   2        helpinfh6vj47ift.onion
Domain                   1        7rzpyw3hflwe2c7h.onion
Domain                   1        54fjmcwsszltlixn.onion
Domain                   1        24cduc2htewrcv37.onion
Domain                   1        mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion
Domain                   1        mrv44idagzu47oktcipn6tlll6nzapi6pk3u7ehsucl4hpxon45dl4yd.onion
Domain                   396      protonmail.com
Domain                   85       onionmail.org
Domain                   37       xmpp.jp
Email                    2        filessupport@cock.li
Email                    2        pr0t3eam@protonmail.com
Email                    1        pr0team@protonmail.com
Email                    3        filessupport@onionmail.org
Email                    1        rick5@xmpp.jp
File                     18       r.exe
File                     13       addinprocess32.exe
File                     1        sha256.bin
md5                      1        77d0a95415ef989128805252cba93dc2
md5                      1        860b89a4138f744adbe41cee1de0848f
md5                      1        e3f6878bcafe2463f6028956f44a6e74
md5                      1        2f121145ea11b36f9ade0cb8f319e40a
md5                      1        291bea114eb566d39f69d8c2af059548
md5                      1        e4e439fc5ade188ba2c69367ba6731b6
md5                      1        0f77484639b1193ad66e313040c92571
md5                      1        121f5beface8337c7105cc6a257a87ed
md5                      1        341c316be98f624f7321d198c5345bc9
md5                      1        1f640e3f37ec3b93c958c5910eb6a3e7
md5                      1        5990a32cddde5978959321237f9b0ee1
md5                      1        22dce5b7daed8cfb14aa9e8e7eed1d2f
md5                      1        43c89b8dc5f9cac3d143238ba74c9002
md5                      1        8ba537f8d00a73d6cc1cc5dffa566ed1
md5                      1        2c72015e22b53c215403979536bce826
md5                      1        e58b77e4de54b09be77c852436a904b6
md5                      1        fc9ca0a85e47088d25483dd47fba3244
md5                      1        d0c67160c740f62c25b0558e9563a824
md5                      1        5355cce5601f471579f6154708d87fd7
md5                      2        518a38b47292b1e809c5e6f0bb1858be
md5                      1        3e7591082b36244767c1b5393a44f846
md5                      1        71852d35ddc0e13d2d830fcf6d185171
md5                      1        ab8f0580cc0d74e0215e7de19515c8a6
md5                      1        55044ed5d04a20844fcedb17a3f5bb31
md5                      1        842d42bb052a77759c8f55d46021b2e0
md5                      1        1a7ddd5e16d0fc9c3969d1c63e5c6cda
md5                      1        a735ff10e359539181c1eca593091ee6
md5                      1        6953d6e1a2d8df8e0d2e76263e8b3115
md5                      1        29250c34e78857b17ee2576f68757d01
md5                      1        13d8c2f2cdf5f6208c3e999621019304
md5                      1        21dd14135e2dc4b22591ab35cf98b115
md5                      1        09d5701f1f4a6d50f9833fc78d3f2371
md5                      1        d14aab030b254bae3c6977c71cbc8a0b
md5                      1        a15419df02ffae775b6231dd77fd9c6f
md5                      1        ae3353674bf514175deda25b96496a83
md5                      1        de9d7afe742c551522bafb785c706f4f
md5                      1        0e5bd98bcf1ef9bef39f19f41e1aabfb
md5                      1        0148dc4f8a43b7fa1c31578f1a3c13bf
md5                      1        34b2b644c22861346ed07b4c7eeea7fb
md5                      1        da07dd4894c10fe94eba4f32ae4a57e6
IPv4                     1        104.18.14.101
IPv4                     5        20.99.184.37
IPv4                     7        192.229.211.108
IPv4                     1        23.216.147.61
IPv4                     1        192.3.157.96
IPv4                     1        194.85.61.76
IPv4                     2        109.70.26.37
IPv4                     1        8.209.75.209
IPv4                     1        47.91.93.231
IPv4                     1        47.75.127.193
IPv4                     1        5.101.49.142
IPv4                     1        91.239.235.200
IPv4                     1        20.80.129.13
IPv4                     1        23.35.69.10
IPv4                     1        23.35.69.32
IPv4                     1        23.35.69.35
IPv4                     1        23.35.69.42
IPv4                     1        23.35.69.48
IPv4                     1        23.35.69.66
IPv4                     1        162.0.235.197
IPv4                     6        13.107.4.50
IPv4                     15       162.159.129.233
IPv4                     16       162.159.130.233
IPv4                     18       162.159.133.233
IPv4                     15       162.159.134.233
IPv4                     15       162.159.135.233
IPv4                     11       23.216.147.64
IPv4                     5        13.107.4.52
IPv4                     1        20.190.160.17
IPv4                     1        20.190.160.20
IPv4                     1        20.190.160.22
IPv4                     3        20.99.132.105
IPv4                     1        40.126.32.133
MITRE ATT&CK Techniques  55       T1091
MITRE ATT&CK Techniques  440      T1055
MITRE ATT&CK Techniques  348      T1036
MITRE ATT&CK Techniques  298      T1562.001
MITRE ATT&CK Techniques  238      T1497
MITRE ATT&CK Techniques  42       T1158
MITRE ATT&CK Techniques  627      T1027
MITRE ATT&CK Techniques  15       T1406.002
MITRE ATT&CK Techniques  152      T1056
MITRE ATT&CK Techniques  86       T1124
MITRE ATT&CK Techniques  141      T1518.001
MITRE ATT&CK Techniques  433      T1057
MITRE ATT&CK Techniques  188      T1120
MITRE ATT&CK Techniques  585      T1083
MITRE ATT&CK Techniques  1006     T1082
MITRE ATT&CK Techniques  33       T1080
MITRE ATT&CK Techniques  157      T1560
MITRE ATT&CK Techniques  163      T1573
MITRE ATT&CK Techniques  152      T1090
MITRE ATT&CK Techniques  472      T1486
Url                      4        https://yip.su/2qstd5
Url                      1        http://helpqvrg3cc5mvb3.onion