Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | edecad39-dabf-4cba-a63d-9fdc80fbab3a |
| Fingerprint | 8462a0796ab632d5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 9, 2018, midnight |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files |
| Title | Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files |
| Detected Hints/Tags/Attributes | 37/1/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 396 | protonmail.com |
|
| Details | 2 | cryz1@protonmail.com |
||
| Details | File | 7 | gpg.exe |
|
| Details | File | 2 | shred.exe |
|
| Details | File | 22 | find.exe |
|
| Details | File | 3 | key.bat |
|
| Details | File | 6 | run.js |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 6 | ie.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 73 | opera.exe |
|
| Details | File | 23 | safari.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 105 | bcdedit.exe |
|
| Details | File | 43 | wbadmin.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 74 | test.jpg |
|
| Details | File | 6 | readme_decrypt.txt |
|
| Details | File | 6 | iconv.dll |
|
| Details | File | 2 | libiconv2.dll |
|
| Details | File | 3 | libintl3.dll |
|
| Details | File | 2 | ownertrust.txt |
|
| Details | File | 2 | qwerty-pub.key |
|
| Details | md5 | 1 | 2b605abf796481bed850f35d007dad24 |
|
| Details | sha256 | 1 | 39c510bc504a647ef8fa1da8ad3a34755a762f1be48e200b9ae558a41841e502 |
|
| Details | sha256 | 1 | aa9ec502e20b927d236e19036b40a5da5ddd4ae030553a6608f821becd646efb |
|
| Details | sha256 | 1 | 554c6198a015dc87e394c4fc74bf5040c48829d793e302632f9eec663733a09e |
|
| Details | sha256 | 1 | 3ec2d1a924ef6f19f2db45e48b9cf4b74a904af5720100e3da02182eee3bcf02 |
|
| Details | sha256 | 1 | b92377f1ecb1288467e81abe286d1fd12946d017e74bd1ab5fb2f11e46955154 |
|
| Details | sha256 | 1 | d06ffa2b486cd0601409db821d38334d0958bf8978f677330908a4c3c87a2b48 |
|
| Details | sha256 | 1 | dc1f6d197904a59894a9b9e66f0f6674766c49151a8ced2344dfaadaf54330b8 |
|
| Details | sha256 | 1 | 6a6722b3b177426ec9ebb27898ef2340208c5644eb56eb5b064f2b2e34bf20bf |
|
| Details | sha256 | 1 | 7eae0a885c7ef8a019b80d55a00e82af2e9a9465b052156490ff822ac68bc23a |