Cerber ransomware delivered in format of a different order of Magnitude | Malwarebytes Labs
Common Information
Type Value
UUID e42210bc-e346-4ba3-b10b-4f52de194d75
Fingerprint ac2108b1ad2e2c85
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 9, 2017, midnight
Added to db Jan. 18, 2023, 8:35 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Cerber ransomware delivered in format of a different order of Magnitude
Title Cerber ransomware delivered in format of a different order of Magnitude | Malwarebytes Labs
Detected Hints/Tags/Attributes 43/2/24
Attributes