TargetCompany
Tags
| country: | Israel |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Software - T1592.002 Tool - T1588.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | efc2701a-d4ee-4c6e-ba78-8bb055556032 |
| Fingerprint | 36a72a3e36959950 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 15, 2021, 10:50 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | TargetCompany |
| Detected Hints/Tags/Attributes | 54/3/86 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://id-ransomware.blogspot.com/2021/06/tohnichi-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | garrantdecrypt.pa |
|
| Details | Domain | 179 | www.torproject.org |
|
| Details | Domain | 1 | eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 15 | malware.ai |
|
| Details | Domain | 1 | ransom.win32.garrantdecrypt.sm |
|
| Details | Domain | 58 | mailfence.com |
|
| Details | Domain | 167 | tutanota.com |
|
| Details | Domain | 144 | cock.li |
|
| Details | Domain | 1 | jnjorcburoayrwfrmnq3czngju76wdjyuyufqaep6joutvidohuh24ad.onion |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 85 | onionmail.org |
|
| Details | Domain | 3 | stealthypost.net |
|
| Details | 1 | israel@mailfence.com |
||
| Details | 2 | mallox@tutanota.com |
||
| Details | 3 | recohelper@cock.li |
||
| Details | 2 | newexploit@tutanota.com |
||
| Details | 2 | consultransom@tutanota.com |
||
| Details | 2 | consultransom@protonmail.com |
||
| Details | 2 | devicezz@mailfence.com |
||
| Details | 2 | acookies@tutanota.com |
||
| Details | 2 | acookies@onionmail.org |
||
| Details | 3 | mallox@stealthypost.net |
||
| Details | File | 140 | files.txt |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 20 | fdhost.exe |
|
| Details | File | 18 | fdlauncher.exe |
|
| Details | File | 10 | msdtssrvr.exe |
|
| Details | File | 10 | msmdsrv.exe |
|
| Details | File | 9 | mysql.exe |
|
| Details | File | 3 | ntdbsmgr.exe |
|
| Details | File | 67 | oracle.exe |
|
| Details | File | 2 | reportingservecesservice.exe |
|
| Details | File | 5 | sqlserv.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 11 | local.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | %systemroot%\\system32\\notepad.exe |
|
| Details | File | 15 | malware.ai |
|
| Details | File | 45 | information.txt |
|
| Details | File | 3 | consoleapp2.exe |
|
| Details | File | 11 | advancedrun.exe |
|
| Details | File | 73 | trojan.msi |
|
| Details | File | 1 | 79wnbm97b.dll |
|
| Details | File | 5 | share.exe |
|
| Details | File | 1 | hbatka.exe |
|
| Details | File | 9 | recover.txt |
|
| Details | File | 19 | recovery.txt |
|
| Details | md5 | 1 | d687eb9fea18e6836bd572b2d180b144 |
|
| Details | md5 | 1 | c8318053dac1b12c686403fde752954c |
|
| Details | md5 | 1 | 1438557a2ce68d12cbd540d3d256c583 |
|
| Details | md5 | 1 | af8c28577e447bb43f80cc81c518d146 |
|
| Details | md5 | 1 | 315aaf1f0128e50999fd5b82949a9267 |
|
| Details | md5 | 22 | f34d5f2d4577ed6d9ceec516c1f5a744 |
|
| Details | md5 | 1 | 99e949ddd57dbc19457eba5f235516f3 |
|
| Details | md5 | 1 | 2acb21c02b38dad982d78ebff7cfa2d3 |
|
| Details | md5 | 1 | 23aaf53347d1ff573792bd5165932149 |
|
| Details | md5 | 1 | a765dbcbac57a712e2eb748fe6fd5e7c |
|
| Details | md5 | 1 | 1f6297d8f742cb578bfa59735120326b |
|
| Details | md5 | 1 | 1c1a27cb29df6923d860b330c9f7a54f |
|
| Details | md5 | 1 | ed2fd6050340ecc464621137c7add3ad |
|
| Details | md5 | 1 | 8e4fa69d87a6d3c6d7e6c699b25cc2ab |
|
| Details | md5 | 1 | 7d1a1ba7b3fa066ca05e323a7d526151 |
|
| Details | sha1 | 1 | 0e7f076d59ab24ab04200415cb35037c619d0bae |
|
| Details | sha1 | 1 | 7edf16629b924e3f479ea0e82e91a32c54706489 |
|
| Details | sha1 | 1 | 206f2335b0d7e42553bac9841e67b7f3c8e2d645 |
|
| Details | sha1 | 1 | cf16a16a1865d444da3a9636cdc176fcc5b6c758 |
|
| Details | sha1 | 1 | 99f9270e85ec53b8dada459279d30e8b169462c1 |
|
| Details | sha1 | 1 | 75543627f8f2ab0c85228372a0eca6928ee84b7d |
|
| Details | sha1 | 1 | 59c51f9d5f699b6aa6b3e37fcd93da87ce79d815 |
|
| Details | sha1 | 1 | ff6eca213cad5c2a139fc0dc0dc6a8e6d3df7b17 |
|
| Details | sha1 | 1 | 07adc67a3c72e76127ced9c0d72cea32b40d5c55 |
|
| Details | sha1 | 1 | e5981cfe6ded85b01b10f4b2a5fc2f8537a63b31 |
|
| Details | sha256 | 1 | 863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1 |
|
| Details | sha256 | 1 | 63fd08783dd07959fbdaadc26058a3b7e29c1c7053b570989be352db9b541f36 |
|
| Details | sha256 | 1 | 415321444d2ab732e84ff7acb4739e09827ee2fcc748d0fa1d7504bae1d133a3 |
|
| Details | sha256 | 1 | e5f20c03da31983648fca8c76f9be565e7d2fb13e2c5bc85da012d72e81dbf1c |
|
| Details | sha256 | 1 | e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b |
|
| Details | sha256 | 1 | af723e236d982ceb9ca63521b80d3bee487319655c30285a078e8b529431c46e |
|
| Details | sha256 | 1 | 7e6cd2bf820d81c9389c549cfe482bcdb1b57c5f39d53b63cd1efb79699e7ae6 |
|
| Details | sha256 | 1 | 3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673 |
|
| Details | sha256 | 1 | 53d606ea6cea8fba9ca4fdd1af411c1212ad20678cd22a43697c4b8e9b371f62 |
|
| Details | sha256 | 1 | 6a0d713e89b61a8709f8d55e19631ec31370d87880a478704609eee78ccd3c18 |
|
| Details | Url | 63 | https://www.torproject.org |
|
| Details | Url | 1 | http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact |