ioc[.]one - OSINT Cyber Threat Intelligence Database

LockCrypt Ransomware Spreading via RDP Brute-Force Attacks

Tags

country:	India Iran Philippines South Africa
attack-pattern:	Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	b7661b06-fb78-42a5-af68-37c696ecd294
Fingerprint	8660b87928569e07
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 12, 2023, midnight
Added to db	Feb. 17, 2023, 9:34 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	LockCrypt Ransomware Spreading via RDP Brute-Force Attacks
Title	LockCrypt Ransomware Spreading via RDP Brute-Force Attacks
Detected Hints/Tags/Attributes	46/2/31

Source URLs

	Redirection	Url
Details	Source	https://cybersecurity.att.com/blogs/labs-research/lockcrypt-ransomware-spreading-via-rdp-brute-force-attacks#When:14:00:00Z
Details	Source	https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-via-rdp-brute-force-attacks#When:14:00:00Z

URL Provider

Details	Provider	Source level domain
Details	alienvault.com	www.alienvault.com
Details	att.com	cybersecurity.att.com

Attributes

Details	Type	#Events	Value
Details	Domain	158	aol.com
Details	Domain	30	bitmessage.ch
Details	Domain	18	wshshell.run
Details	Domain	162	localbitcoins.com
Details	Domain	68	www.coindesk.com
Details	Email	1	stn_satan@aol.com
Details	Email	2	satan-stn@bitmessage.ch
Details	Email	2	jekr@aol.com
Details	Email	2	stnsatan@aol.com
Details	Email	2	enigmax_x@aol.com
Details	Email	2	djekr@aol.com
Details	Email	2	jajanielse@aol.com
Details	Email	2	jajanielse@bitmessage.ch
Details	File	1	bcn1.exe
Details	File	2	webservices.exe
Details	File	2126	cmd.exe
Details	sha256	1	1df3d4da1ef11373966f54a6d67c38a223229f272438e1c6ec7cb4c1ea3ff3e2
Details	sha256	1	bf80ef6cfea9478bf69f247b59d17dab9ede4b74193234168ee6e3d55dc526e1
Details	sha256	1	0948390b18338b460edf60beaf1a792d1d85dab64ec59b158fa2d47e78ad4373
Details	sha256	1	dc892346618f8fe561a7219a59e7c6fd2e15ff463469a29708886a23f54157b9
Details	sha256	1	0ab44a962ababbf4500b335171e25d930ae3b8356a50bc547979126007aa42c0
Details	sha256	1	151cf4f4c5e2a90b57af8d22e085ebc5f8927cf8b14eeaade3adb271c11eb54f
Details	sha256	1	64d6cc34ad16e2ecbaf7e71573ed222cfa16b710cc6ff79ab3cc3c1c6c4b1138
Details	sha256	1	d69c972d578a3d4b15158ac14600f0e996113e510a4bc9815193c9e74740e612
Details	sha256	1	cdd61a00a8175f1753b55094be506bd9fc1a6511a3f0abeeed0216b1db17e95e
Details	sha256	1	bce16a425c37d2ad3280c19d4c64bc7ed037d29dabe3e34ab4941a245cb5ec34
Details	sha256	1	722df6f33a9d11d841ce399a9081bac2788ce007474b0be9ee76efbf1f5a132b
Details	sha256	1	3756c1fcf3f6404582a19c5e1fd23aa043cb71e85700bdf6b0e6df80593ad565
Details	sha256	1	714546c621a797743f0bce6a8843611860d3392a7f3fcff5cf661d0a6bffa78b
Details	Url	52	https://localbitcoins.com/buy_bitcoins
Details	Url	41	http://www.coindesk.com/information/how-can-i-buy-bitcoins