EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3.
Common Information

Type                            Value
UUID                            dfea5e6d-5b83-46d1-bd80-4e79668a7576
Fingerprint                     bd34ba7b30644e9e
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       April 9, 2017, 11:31 p.m.
Added to db                     Jan. 18, 2023, 9:59 p.m.
Last updated                    Nov. 17, 2024, 5:54 p.m.
Headline                        EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3.
Title                           EITest Campaign Leads to RIG EK at 188.225.39.227. EK Drops Matrix Ransomware v3.
Detected Hints/Tags/Attributes  38/1/28
Attributes (28)

Type    #Events  CTI Value  Details
Domain        1             teknonisme.com
Domain        1             fix.russianpropoganda.com
Domain        1             stat6.s76.r53.com.ua
Domain      287             yahoo.com
Domain      167             tutanota.com
Domain       88             malware-traffic-analysis.net
Domain      162             bleepingcomputer.com
Email         2             redtablet9643@yahoo.com
Email         1             decodedcode@tutanota.com
File          1             addrecord.php
File          1             uploadextlist.php
File         19             page.txt
File         52             exploit.swf
File          1             rj8642vr.exe
File          1             0oa8aoyj.exe
File          1             appdataroamingerrlog.txt
File          1             whathappenedwithfiles.rtf
File        105             bcdedit.exe
sha256        1             3a8122166a66f7152596f79e9efa198d86854be9b932a30e35ba163d7b974820
sha256        1             d9e30decea0fb06fb9785c01debf5c378693de344e912b2a3fb159ec87eeb9c5
sha256        1             1aede0023ab5f356d2134aa11783f9cbc0917f955db3c941929ca59a19a701e0
IPv4          1             188.225.39.227
IPv4          1             104.27.184.144
IPv4          1             195.248.235.240
IPv4          2             148.251.13.83
IPv4          1             195.248.235.241
IPv4          1             31.41.216.90
IPv4          1             31.41.217.90
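The attribute list above is raw extraction output and not all of it is actionable. The three single-event domains, the IPv4 addresses, the SHA-256 hashes and the two e-mail addresses are the indicators worth matching. yahoo.com and tutanota.com are there because the ransom-note contact addresses use those providers, and malware-traffic-analysis.net and bleepingcomputer.com are the sites that published and are cited by the analysis; matching any of these would flag ordinary traffic. bcdedit.exe is a legitimate Windows utility and belongs in a command-line detection, not a file-name or hash match. The following matcher is an added example, not code from the original post or from this database: it checks the actionable indicators against constructed Squid-format proxy log lines and a constructed EDR hash export. The log lines, file paths, the placeholder peer addresses (192.0.2.x) and the placeholder hash are assumptions; the page does not say which hash belongs to which file, so the sample export deliberately uses a neutral file name.

```python
"""Match the indicators from this entry against proxy logs and an EDR export (added example)."""
import re
from urllib.parse import urlsplit

# Actionable indicators taken from the attribute list.
DOMAIN_IOCS = {"teknonisme.com", "fix.russianpropoganda.com", "stat6.s76.r53.com.ua"}
IP_IOCS = {
    "188.225.39.227", "104.27.184.144", "195.248.235.240", "148.251.13.83",
    "195.248.235.241", "31.41.216.90", "31.41.217.90",
}
SHA256_IOCS = {
    "3a8122166a66f7152596f79e9efa198d86854be9b932a30e35ba163d7b974820",
    "d9e30decea0fb06fb9785c01debf5c378693de344e912b2a3fb159ec87eeb9c5",
    "1aede0023ab5f356d2134aa11783f9cbc0917f955db3c941929ca59a19a701e0",
}
EMAIL_IOCS = {"redtablet9643@yahoo.com", "decodedcode@tutanota.com"}
# Generic domains extracted alongside the real indicators (mail providers from the
# ransom note and the sites that published the analysis). Excluded on purpose.
NOISE_DOMAINS = {"yahoo.com", "tutanota.com", "malware-traffic-analysis.net", "bleepingcomputer.com"}


def match_host(host):
    """Return the indicator a host matches, or None.

    Domains match exactly or as the parent of a subdomain; noise domains and their
    subdomains never match, even though they are listed on the page.
    """
    host = host.lower().rstrip(".")
    if host in IP_IOCS:
        return host
    if host in NOISE_DOMAINS or host.endswith(tuple("." + d for d in NOISE_DOMAINS)):
        return None
    for domain in DOMAIN_IOCS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_proxy_log(lines):
    """Scan Squid native access-log lines; the URL is the 7th whitespace-separated field.

    Returns a list of (line_number, matched_indicator).
    """
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line, skip rather than crash
        host = urlsplit(fields[6]).hostname or ""
        indicator = match_host(host)
        if indicator:
            hits.append((number, indicator))
    return hits


HASH_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def scan_text(text):
    """Pull SHA-256 hashes and e-mail addresses from free text (EDR export, recovered
    ransom note) and return the subsets that are listed indicators."""
    hashes = {h.lower() for h in HASH_RE.findall(text)} & SHA256_IOCS
    emails = {e.lower() for e in EMAIL_RE.findall(text)} & EMAIL_IOCS
    return hashes, emails


# Constructed sample input (assumption): Squid native format, placeholder peer IPs.
SAMPLE_PROXY_LOG = [
    "1491771234.123   210 10.0.0.5 TCP_MISS/200 4096 GET http://teknonisme.com/ - HIER_DIRECT/192.0.2.10 text/html",
    "1491771235.456   180 10.0.0.5 TCP_MISS/200 812 GET http://stat6.s76.r53.com.ua/page.txt - HIER_DIRECT/192.0.2.11 text/plain",
    "1491771236.789   340 10.0.0.5 TCP_MISS/200 65536 GET http://188.225.39.227/ - HIER_DIRECT/188.225.39.227 application/x-shockwave-flash",
    "1491771240.000    90 10.0.0.7 TCP_HIT/200 2048 GET https://mail.yahoo.com/ - HIER_NONE/- text/html",
]

# Constructed sample EDR export (assumption): path,sha256 per line plus a note fragment.
# The bcdedit.exe hash is a placeholder, not a real value.
SAMPLE_EDR_EXPORT = "\n".join([
    "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.bin,"
    "3a8122166a66f7152596f79e9efa198d86854be9b932a30e35ba163d7b974820",
    "C:\\Windows\\System32\\bcdedit.exe," + "0" * 64,
    "Contact: redtablet9643@yahoo.com or decodedcode@tutanota.com",
])


if __name__ == "__main__":
    for number, indicator in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"proxy line {number}: {indicator}")
    hashes, emails = scan_text(SAMPLE_EDR_EXPORT)
    print("hash hits:", sorted(hashes))
    print("email hits:", sorted(emails))
```

The fourth proxy line (mail.yahoo.com) is the point of the noise list: it is suppressed even though yahoo.com sits in the attribute table, and the placeholder bcdedit.exe hash is dropped by the set intersection because only the three listed hashes count as indicators.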