IoCs/Ransomware-MountLocker.csv at master · sophoslabs/IoCs
Tags
| attack-pattern: | Data Powershell - T1059.001 Regsvr32 - T1218.010 Scheduled Task - T1053.005 Powershell - T1086 Regsvr32 - T1117 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | e00faba5-9b01-4763-8302-77a70379720b |
| Fingerprint | 83f8b4d5380b3397 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 1, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:33 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | UNKNOWN |
| Title | IoCs/Ransomware-MountLocker.csv at master · sophoslabs/IoCs |
| Detected Hints/Tags/Attributes | 24/1/37 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://github.com/sophoslabs/IoCs/blob/master/Ransomware-MountLocker.csv |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 2 | supercombinating.com |
|
| Details | Domain | 1 | felpojdhf8980.cyou |
|
| Details | File | 2 | ransomware-mountlocker.csv |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 1 | yesc64.dll |
|
| Details | File | 1 | locker_64.dll |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 1 | archs64.dll |
|
| Details | File | 1 | diloay.dll |
|
| Details | File | 1 | keatuxnf.dll |
|
| Details | File | 1 | niicok.dll |
|
| Details | File | 4 | recoverymanual.html |
|
| Details | File | 1 | c:\inetpub\locker_64.dll |
|
| Details | File | 1 | miavan32.dll |
|
| Details | File | 77 | mimikatz.exe |
|
| Details | File | 1 | c:\windows\ar664hs.dll |
|
| Details | File | 1 | c:\windows\locker_64.dll |
|
| Details | File | 1 | c:\windows\syswow64\exploer.exe |
|
| Details | File | 1 | %systemdrive%\windows\temp\cirmjhmizofvnjpd.txt |
|
| Details | File | 1 | kmsvucnomepvwphr.bat |
|
| Details | File | 1 | pklnefsuyhywluwz.txt |
|
| Details | File | 1 | slokuatciylttpwm.bat |
|
| Details | sha256 | 1 | 30ff38e859a849b6776dd7b0f299ba83605858f661297f39585bcf928769feef |
|
| Details | sha256 | 1 | 5606c92af263869268a11eb730eb32d5fd770896530b23e42d2390d6ef230d61 |
|
| Details | sha256 | 1 | 864930113d66c413bab705e79add3659efa95126449bfad05abf99c6d7e8ae00 |
|
| Details | IPv4 | 2 | 104.244.42.129 |
|
| Details | IPv4 | 1 | 139.60.162.19 |
|
| Details | IPv4 | 1 | 143.110.185.84 |
|
| Details | IPv4 | 1 | 185.162.235.61 |
|
| Details | IPv4 | 1 | 206.189.56.140 |
|
| Details | IPv4 | 3 | 31.13.93.174 |
|
| Details | IPv4 | 1 | 31.13.93.35 |
|
| Details | IPv4 | 1 | 52.204.190.157 |
|
| Details | Url | 2 | https://news.sophos.com/en-us/2021/03/31/sophos-mtr-in-real-time-what-is-astro-locker-team |
|
| Details | Url | 1 | http://supercombinating.com:80/bug3 |