ioc[.]one - OSINT Cyber Threat Intelligence Database

Nemucod

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Javascript - T1059.007 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	d7283aee-8c7d-4ac8-9c27-1c7eafec3b11
Fingerprint	f676097aac461e2d
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 23, 2016, 12:30 a.m.
Added to db	Sept. 26, 2022, 9:32 a.m.
Last updated	Nov. 12, 2024, 3:53 p.m.
Headline	Шифровальщики-вымогатели The Digest "Crypto-Ransomware"
Title	Nemucod
Detected Hints/Tags/Attributes	30/2/50

Source URLs

	Redirection	Url
Details	Source	http://id-ransomware.blogspot.com/2016/04/nemucod-ransomware.html

URL Provider

Details	Provider	Source level domain
Details	blogspot.com	id-ransomware.blogspot.com

Attributes

Details	Type	#Events	Value
Details	Domain	132	blockchain.info
Details	Domain	162	localbitcoins.com
Details	Domain	1	coseap.it
Details	Domain	1	angelucci.info
Details	Domain	1	bibliotecaatualiza.com.br
Details	Domain	1	clermontcentralchurch.org
Details	Domain	1	glamcook.com
Details	Domain	1	lmapp360.com
Details	Domain	1	roofsalesmastery.com
Details	Domain	1	oneboxcg.com
Details	Domain	1	viktoriaschool.ru
Details	Domain	1	tienda-mediterranea.de
Details	Domain	1	www.united-systems.it
Details	Domain	1	pasargad1007.com
Details	Domain	1	www.sateltrack.net
Details	File	4	decrypted.txt
Details	File	29	decrypt.txt
Details	File	133	blockchain.inf
Details	File	1	angelucci.inf
Details	File	2	%temp%\5021052.exe
Details	File	2	%temp%\502105.txt
Details	File	2	%appdata%\gangbang.dll
Details	File	2	title.xml
Details	File	2	%appdata%\libertine.dll
Details	File	2	%appdata%\minimize_hover.png
Details	File	2	%appdata%\system.dll
Details	Url	4	https://blockchain.info/wallet/new
Details	Url	52	https://localbitcoins.com/buy_bitcoins
Details	Url	1	http://coseap.it/counter/7ad-
Details	Url	1	http://angelucci.info/counter/7ad-
Details	Url	1	http://www.hoanca.cow/counter/?ad
Details	Url	1	http://bibliotecaatualiza.com.br/counter/7ad-
Details	Url	1	http://clermontcentralchurch.org/counter/?a=1arsyhbkvnkmqfzwizon8u2jky8ctqoaa8
Details	Url	1	http://glamcook.com/counter/?a=1arsyhbkvnkmqfzwizon8u2jky8ctqoaa8
Details	Url	1	http://lmapp360.com/counter/?a=1arsyhbkvnkmqfzwizon8u2jky8ctqoaa8
Details	Url	1	http://roofsalesmastery.com/counter/?a=1arsyhbkvnkmqfzwizon8u2jky8ctqoaa8
Details	Url	1	http://oneboxcg.com/counter/?a=1arsyhbkvnkmqfzwizon8u2jky8ctqoaa8
Details	Url	1	http://viktoriaschool.ru/counter/?a=1jjtrgq7fnlwoq9lkjvriugaustm2aqqbt
Details	Url	1	http://tienda-mediterranea.de/counter/?a=1jjtrgq7fnlwoq9lkjvriugaustm2aqqbt
Details	Url	1	http://www.united-systems.it/counter/?a=1jjtrgq7fnlwoq9lkjvriugaustm2aqqbt
Details	Url	1	http://pasargad1007.com/counter/?a=1jjtrgq7fnlwoq9lkjvriugaustm2aqqbt
Details	Url	1	http://www.sateltrack.net/counter/?a=1jjtrgq7fnlwoq9lkjvriugaustm2aqqbt
Details	Windows Registry Key	2	HKCU\Software\Classes\.2MGvFO
Details	Windows Registry Key	2	HKCU\Software\Classes\ayC5
Details	Windows Registry Key	2	HKCU\Software\Classes\ayC5\shell
Details	Windows Registry Key	2	HKCU\Software\Classes\ayC5\shell\open
Details	Windows Registry Key	2	HKCU\Software\Classes\ayC5\shell\open\command
Details	Windows Registry Key	2	HKCU\Software\3c1cee05f3
Details	Windows Registry Key	188	HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	3	HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Crypted