ioc[.]one - OSINT Cyber Threat Intelligence Database

New CryptXXX Variant Discovered

Tags

attack-pattern:

Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	ab5ae839-3da1-40fa-989b-be08d7c8c100
Fingerprint	b6e41997a167a7d1
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 27, 2016, midnight
Added to db	Jan. 18, 2023, 11:41 p.m.
Last updated	Nov. 18, 2024, 1:25 p.m.
Headline	New CryptXXX Variant Discovered
Title	New CryptXXX Variant Discovered
Detected Hints/Tags/Attributes	54/1/68

Source URLs

	Redirection	Url
Details	Source	https://www.sentinelone.com/blog/new-cryptxxx-variant-discovered/

URL Provider

Details	Provider	Source level domain
Details	sentinelone.com	www.sentinelone.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	hn5fbbc4pyz77xfa.onion.to
Details	Domain	2	hn5fbbc4pyz77xfa.onion.cab
Details	Domain	2	hn5fbbc4pyz77xfa.onion.city
Details	Domain	59	torproject.org
Details	Domain	1	hn5fbbc4pyz77xfa.onion
Details	Domain	1	carspot.co.in
Details	Domain	1	astra1767.startdedicated.net
Details	Domain	1	www.capitalsend.info
Details	Domain	1	bikespot.in
Details	Domain	1	ns1.capitalsend.info
Details	Domain	1	ns1.investmentreply.info
Details	Domain	1	capitalsend.info
Details	Domain	1	investmentreply.info
Details	Domain	1	www.investmentreply.info
Details	Domain	1	pure-send.com
Details	Domain	1	anlegersmart.com
Details	Domain	1	communicationsdigest.com
Details	Domain	1	fininvest.info
Details	Domain	1	finreply.info
Details	Domain	1	finstock.info
Details	Domain	1	sharefinance.info
Details	Domain	1	sharefinancial.info
Details	Domain	1	sharehold.info
Details	Domain	1	smartanleger.net
Details	Domain	1	spamerlist.com
Details	Domain	1	yourspamshield.com
Details	File	1	f0f3.tmp
Details	File	1	_bigbang.dll
Details	File	1021	rundll32.exe
Details	File	29	onion.cab
Details	File	26	torbrowser.html
Details	File	1	capitalsend.inf
Details	File	1	investmentreply.inf
Details	File	1	fininvest.inf
Details	File	1	finreply.inf
Details	File	1	finstock.inf
Details	File	1	sharefinance.inf
Details	File	1	sharefinancial.inf
Details	File	1	sharehold.inf
Details	File	2	unsubscribe.php
Details	md5	1	a89f7c458d358615f2d3f0642141febb
Details	md5	1	995e646c3422407227da96ca888ea324
Details	md5	1	ea6586e9ba709a18901ae0434d59c3f4
Details	sha1	1	30fcabddf49cc4d8f153f25dcf30e8aec1ac7161
Details	sha1	1	41706d9153eef3a2f5795e58a334b00fa3f40e8d
Details	sha1	1	1b7fb5c5b9a7e2994110945c85c955c8829183ee
Details	sha1	1	1ed8fc897d2fa7dcd4402b2646fb041f881fed1b
Details	sha1	1	2ffbc8fc585c7de745bb7cda981abc905aa37304
Details	sha1	1	3c3fc89bb266a79b24c5346fbab879694d2b125e
Details	sha1	1	4c505c31a34b4292875d8590e90c9f09bd76ab04
Details	sha1	1	509a607e614472dbe1f549c45fd63b0b8c5cd905
Details	sha1	1	6514f4e8d9cdc36ba0f944c8ae066208e9bf7c38
Details	sha1	1	bbd87b53472c990e9e41e4fcfd3a1b3162f14b6a
Details	sha1	1	df31afdc271d968bf001dfdada2ffb87f00ed59a
Details	sha1	1	e2b49178abfb1f1c731f74c884d30c60769de696
Details	sha1	1	e40f9fabac42822304066725bf0710c2854f91f1
Details	sha1	1	fac67e02f3929d9c0dd230aed19192143bededea
Details	sha1	1	f914db2bb213d7bb5af9bc3a4c10d868e9a32075
Details	sha256	1	fdbeed00cacca229607aa70ee3538c92d57bab7b29cbce0f1c05c1f84c68aa20
Details	sha256	1	d9888e38a2f813139331dbac1f07fede19c784a4c2212cff8c17c83a40a2f84d
Details	sha256	1	275ebe2a72951737a3502d00f967c87d4f2fba03c4828d27270ab0f88a4d8f65
Details	IPv4	2	85.25.194.116
Details	IPv4	1	188.0.236.7
Details	Url	2	http://hn5fbbc4pyz77xfa.onion.to
Details	Url	2	http://hn5fbbc4pyz77xfa.onion.cab
Details	Url	2	http://hn5fbbc4pyz77xfa.onion.city
Details	Url	1	https://torproject.org/projects/torbrowser.html.en
Details	Url	1	http://hn5fbbc4pyz77xfa.onion