RIG Exploit Kit at 185.154.53.7 Drops Pony, Downloads Philadelphia Ransomware.
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malicious Link - T1204.001 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | e7f9623b-429e-4843-accb-94b3fb7ca9b8 |
| Fingerprint | bca7b97109eec693 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 15, 2017, 6:18 a.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | RIG Exploit Kit at 185.154.53.7 Drops Pony, Downloads Philadelphia Ransomware. |
| Title | RIG Exploit Kit at 185.154.53.7 Drops Pony, Downloads Philadelphia Ransomware. |
| Detected Hints/Tags/Attributes | 36/3/40 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | serene.rushpcb.co.uk |
|
| Details | Domain | 1 | add.venicebeachsurflodge.com |
|
| Details | Domain | 1 | serene.rushpcb.co |
|
| Details | Domain | 88 | malware-traffic-analysis.net |
|
| Details | Domain | 162 | bleepingcomputer.com |
|
| Details | Domain | 1 | zeta-two.com |
|
| Details | Domain | 1 | 051217.zip |
|
| Details | Domain | 2 | decrypter.emsisoft.com |
|
| Details | Domain | 8 | www.cylance.com |
|
| Details | File | 1 | usde.php |
|
| Details | File | 101 | gate.php |
|
| Details | File | 2 | de.exe |
|
| Details | File | 3 | de.php |
|
| Details | File | 1 | ukusde.php |
|
| Details | File | 19 | page.txt |
|
| Details | File | 52 | exploit.swf |
|
| Details | File | 23 | o32.tmp |
|
| Details | File | 1 | d0x936yo.exe |
|
| Details | File | 1 | 103900378.exe |
|
| Details | File | 1 | 103899520.exe |
|
| Details | File | 1 | 3efgsu69.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 1 | locked.txt |
|
| Details | File | 1 | 051217.zip |
|
| Details | File | 1 | threat-spotlight-philadelphia-ransomware.html |
|
| Details | sha256 | 1 | 19f765ddf0242a6676e9eb2fb28f8095211ab1edad15025c3532f662de3aa954 |
|
| Details | sha256 | 1 | 8a55286efc61cb4f27b43fbabe1e735b40c185f09fd12bf0bea8425cba49c652 |
|
| Details | sha256 | 1 | 50e3fddf0d734a5429272088c2ea1830a033a87f47ff2f38afb5cc0ce9ed9fac |
|
| Details | sha256 | 1 | 1b624ec82dda1689a7ddf5adbfcc0704a023ea4f7b475155087117729cf21e25 |
|
| Details | sha256 | 1 | f13efb73fc64add484aafbc16781a1e0b49d30f23ec0c50618f7c9fe3b015574 |
|
| Details | sha256 | 1 | 661133c3848e57c4541a54b094c1b7124986872c4ce475ceda02440b48c823c1 |
|
| Details | IPv4 | 1 | 185.154.53.7 |
|
| Details | IPv4 | 1 | 160.153.131.96 |
|
| Details | IPv4 | 1 | 89.45.67.99 |
|
| Details | IPv4 | 1 | 86.106.93.17 |
|
| Details | Url | 1 | https://decrypter.emsisoft.com/philadelphia |
|
| Details | Url | 1 | https://www.cylance.com/en_us/blog/threat-spotlight-philadelphia-ransomware.html |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/philadelphia-ransomware-customization-commodity-malware |
|
| Details | Windows Registry Key | 15 | HKCUSoftwareMicrosoftWindowsCurrentVersionRun |
|
| Details | Windows Registry Key | 5 | HKLMSoftwareMicrosoftWindowsCurrentVersionRun |