Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom
Tags
| country: | Portugal |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e0eba6ce-e1c6-4609-ad46-31234b18ea1e |
| Fingerprint | 34643a7b25878ed5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 11, 2016, midnight |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom |
| Title | Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom |
| Detected Hints/Tags/Attributes | 45/2/13 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 40 | btc.blockr.io |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 3 | drpbx.exe |
|
| Details | File | 3 | %userprofile%\appdata\roaming\frfx\firefox.exe |
|
| Details | File | 1 | jigsawdecrypter.exe |
|
| Details | File | 2 | dwg.ep |
|
| Details | File | 2 | %userprofile%\appdata\roaming\system32work\encryptedfilelist.txt |
|
| Details | File | 2 | %userprofile%\appdata\roaming\system32work\address.txt |
|
| Details | File | 2 | %userprofile%\appdata\local\drpbx\drpbx.exe |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/download/jigsaw-decrypter |
|
| Details | Url | 1 | http://btc.blockr.io |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe |