Crypto-Ransomware: Russian Style. Large-scale Research on Russian Ransomware – HackMag
Common Information
Type Value
UUID babf2077-b837-4cc1-9a19-d6758faffa94
Fingerprint ae04542131301291
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2022, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 19, 2024, 8:52 p.m.
Headline HackMag
Title Crypto-Ransomware: Russian Style. Large-scale Research on Russian Ransomware – HackMag
Detected Hints/Tags/Attributes 103/2/27
Attributes