ioc[.]one - OSINT Cyber Threat Intelligence Database

Resurgence of Locky Ransomware with LUKITUS extension

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Cloud Services - T1021.007 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	a8457a7c-039e-4353-857f-de96bb9de357
Fingerprint	a44589daafb62e6d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 18, 2017, 8:35 p.m.
Added to db	Jan. 18, 2023, 11:31 p.m.
Last updated	Oct. 16, 2024, 2:27 a.m.
Headline	Resurgence of Locky Ransomware with LUKITUS extension
Title	Resurgence of Locky Ransomware with LUKITUS extension
Detected Hints/Tags/Attributes	37/2/62

Source URLs

	Redirection	Url
Details	Source	https://www.netskope.com/blog/resurgence-locky-ransomware-lukitus-extension/

URL Provider

Details	Provider	Source level domain
Details	netskope.com	www.netskope.com

Attributes

Details	Type	#Events	Value
Details	File	2	documents.7z
Details	File	2	photos.7z
Details	File	1	scans.7z
Details	File	9	backdoor.js
Details	File	1	ransm.cer
Details	md5	1	3D4E88B3BA4D128BB171B74B1F6F641A
Details	md5	1	AE2E796443D66A9838E2EF9418C66F20
Details	md5	1	13bea407806390f8c3f823a5ebdcae59
Details	md5	1	b7c6d012f7c4debc52bf284a7162ee20
Details	md5	1	0c7400e89b72706fa5fdf002acc4c85e
Details	md5	1	1448f60a07a293b5d07f26f80588f65a
Details	md5	1	d066ef2c687db825d5aef0b5a5138cfd
Details	md5	1	bc6626d5b5647cc7cc4253b888ac8516
Details	md5	1	4ae33660987f773770c4207bfd43ddda
Details	md5	1	042ba955577e39b8dd6f59020bc591e9
Details	md5	1	1cdc311223976e7088a283e96bdeffac
Details	md5	1	42c620536312b159958aaffe5f84fcac
Details	md5	1	c310a59441e5e419479a8e31c6de2027
Details	md5	1	ce13a2659baf3b95b695b2337acdd968
Details	md5	1	f07119596558726f54ebbf2d6ff82061
Details	md5	1	b00bd226aeefc71a729309efce9dbda1
Details	md5	1	2be10977754feb7381ea6b388657eed6
Details	md5	1	5b5e20ed4afb16d0a56ed0f8050edae9
Details	md5	1	7db7a54f32428e6066ea71974173e42a
Details	md5	1	01feeaa06d5cec769a64e6a664859e9e
Details	md5	1	43f5fac549905a696c86c0dd5780fa3f
Details	md5	1	593ffac15b20e8a07d074fdf6eefeaf3
Details	md5	1	6980b0b506c352b3c8926a3c7d324090
Details	md5	1	f43f60953ef7d8b76de9aeb9fb7361a0
Details	md5	1	06a823a814483ac1b6538e7b21d65fc1
Details	md5	1	a710fcda88f38e31126be00ba6d1ccf3
Details	md5	1	d3146506f1853dc09a0badbd4537d7d5
Details	md5	1	6057e095bde4248001720a5a794c9123
Details	md5	1	0e8a4119f707962556dfa4e4f92bd2be
Details	md5	1	0e4b77bd1566f5b0e6a92c8578bfe35c
Details	md5	1	968e28a239376460abe4d3f49bf5fc2e
Details	md5	1	68c2a18a3cee9ca622bb05a03487d85d
Details	md5	1	58d3397ca1846e6a768d7796bf0fa948
Details	md5	1	0a2c4b8bf40b42d55a223f774d6bc1f0
Details	md5	1	3383a9d7b07048f054077f952f26237c
Details	md5	1	019ba9aacde1588af3ed9b75618800fa
Details	md5	1	8eec5518a38c2df588233cb5a11a1f4f
Details	md5	1	d7d0216028e3b70d641b925551021658
Details	md5	1	05364e6a6fc3443cfa1df64aeaf07e01
Details	md5	1	7cfef6d991b141855e390d9a8f242ba3
Details	md5	1	292133107a4a88cd971be0e91e277300
Details	md5	1	a89ea3a2a6c6d068d9ea58653a3b4b41
Details	md5	1	b3bf7037b5f0ad26af449ce2919023ed
Details	md5	1	7a8137536d96d4f10c8a5b0502ffb1f0
Details	md5	1	70de561caafcdc902b7f6cb0f05bf133
Details	md5	1	91688fd25face087026508f94f20ead7
Details	md5	1	961d5d61a832a9f6895a7ff8a3c50d58
Details	md5	1	4dcd2b24d5c921943eacc0ed68d84f96
Details	md5	1	475e71ffd0db6563d734621e5e24a377
Details	md5	1	c1422eafb6c31c7863dd9d494c16a189
Details	md5	1	b09f1d2dd27f6721bede378d1e572fcb
Details	md5	1	616d5906ba7bfdb265f98769b9d0d803
Details	IPv4	1	78.108.93.185
Details	IPv4	1	192.162.103.213
Details	IPv4	1	192.162.103.118
Details	IPv4	1	5.187.5.171
Details	IPv4	1	185.20.185.119