TorrentLocker: Crypto‑ransomware still active, using same tactics | WeLiveSecurity
Common Information
Type                              Value
UUID                              e0566163-4476-4998-a85f-72ddd2538a3d
Fingerprint                       3d74197be300aedb
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         Sept. 1, 2016, 2:34 p.m.
Added to db                       June 15, 2023, 10:42 a.m.
Last updated                      Nov. 17, 2024, 6:49 p.m.
Headline                          TorrentLocker: Crypto‑ransomware still active, using same tactics
Title                             TorrentLocker: Crypto‑ransomware still active, using same tactics | WeLiveSecurity
Detected Hints/Tags/Attributes    100/2/59
Attributes