After WannaCry, UIWIX Ransomware Follows Suit
Tags
country: Belarus Kazakhstan
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID c1412ef6-83b6-4eff-9bf6-98de3b784df5
Fingerprint 35362c6aa7a71747
Analysis status DONE
Considered CTI value 0
Text language
Published May 17, 2017, midnight
Added to db Jan. 18, 2023, 9:07 p.m.
Last updated Nov. 8, 2024, 12:45 a.m.
Headline After WannaCry, UIWIX Ransomware Follows Suit
Title After WannaCry, UIWIX Ransomware Follows Suit
Detected Hints/Tags/Attributes 70/2/11
Source URLs
Redirection Url
Details Source https://blog.trendmicro.com/trendlabs-security-intelligence/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit/
Details Source https://www.trendmicro.com/en_fi/research/17/e/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit.html
Details Redirection http://www.trendmicro.com/en_fi/research/17/e/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit.html
Details Source https://www.trendmicro.com/en_gb/research/17/e/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit.html
Details Source https://www.trendmicro.com/en_ca/research/17/e/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Details trendmicro.com blog.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
ntedetect.com
Details Domain 2 
pdoxusrs.net
Details Domain 2 
07.super5566.com
Details Domain 2 
aa1.super5566.com
Details File 2 
mini-tor.dll
Details File 120 
boot.ini
Details File 90 
bootfont.bin
Details File 99 
bootsect.bak
Details File 193 
ntuser.dat
Details sha256 1 
146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc
Details sha256 1 
c72ba80934dc955fa3e4b0894a5330714dd72c2cd4f7ff6988560fc04d2e6494