Ransomware: Because OpSec is Hard?
Common Information
Type Value
UUID c555c80d-2ef1-4066-b93e-b345a1d93f9f
Fingerprint a49d9a9906f58741
Analysis status DONE
Considered CTI value 2
Text language
Published July 25, 2016, 11:01 a.m.
Added to db Oct. 9, 2022, 4:16 p.m.
Last updated Oct. 31, 2024, 7:48 a.m.
Headline Vulnerability Information
Title Ransomware: Because OpSec is Hard?
Detected Hints/Tags/Attributes 53/1/38
Attributes
Details Type #Events CTI Value
Details File 1
panel.jpg
Details File 3
55.exe
Details File 2
anon.jpg
Details File 1
i2.html
Details File 1
complaint376878.zip
Details File 1
56.exe
Details File 1
'rs13.zip
Details File 1
'mnstr.exe
Details File 1
waldorf.exe
Details File 2
bitcoinblackmailer.exe
Details File 1
mnster.exe
Details File 1
t4.exe
Details File 2
t5.exe
Details File 1
anonpop.exe
Details IPv4 1
108.167.140.232
Details Pdb 1
c:\users\monument\desktop\winpopfiles\ransnew\rs630\winopen\bin\debug\winopen.pdb
Details Pdb 2
c:\users\monument\desktop\mean\bitcoinblackmailer\bitcoinblackmailer\obj\release\bitcoinblackmailer.pdb