DeriaLock
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | d33360bf-7cda-4be9-b301-cb09a71f7108 |
| Fingerprint | fe714dffc0e79b72 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 26, 2016, 12:32 p.m. |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Sept. 4, 2024, 8:53 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | DeriaLock |
| Detected Hints/Tags/Attributes | 16/2/10 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.co.il/2016/12/derialock-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | arizonacode.bplaced.net |
|
| Details | Domain | 1 | bplaced.net |
|
| Details | Domain | 1 | gommehd.net |
|
| Details | Domain | 3 | wallup.net |
|
| Details | File | 1 | c:\users\appdata\roaming\microsoft\windows\start menu\programs\startup\systemlock.exe |
|
| Details | File | 3 | logon.exe |
|
| Details | File | 14 | ransom.exe |
|
| Details | File | 9 | downloader.exe |
|
| Details | IPv4 | 2 | 144.76.167.69 |
|
| Details | IPv4 | 1 | 5.9.107.19 |