ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f5d14a2d-d29f-4de0-ac7a-2230cc61e6fa |
| Fingerprint | ffc0b287733249ee |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 26, 2020, 12:53 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft |
| Title | ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft |
| Detected Hints/Tags/Attributes | 23/1/73 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | viewdrivers.com |
|
| Details | Domain | 5 | service1updater.com |
|
| Details | Domain | 3 | godofservice.com |
|
| Details | Domain | 5 | driverdwl.com |
|
| Details | Domain | 5 | driver1updater.com |
|
| Details | Domain | 5 | driver1master.com |
|
| Details | Domain | 5 | checktodrivers.com |
|
| Details | Domain | 5 | boost-yourservice.com |
|
| Details | Domain | 5 | backup1master.com |
|
| Details | Domain | 5 | backup1helper.com |
|
| Details | Domain | 7 | backup-helper.com |
|
| Details | Domain | 6 | backup-leader.com |
|
| Details | Domain | 6 | backup-simple.com |
|
| Details | Domain | 6 | bakcup-checker.com |
|
| Details | Domain | 6 | bakcup-monster.com |
|
| Details | Domain | 6 | boost-servicess.com |
|
| Details | Domain | 6 | nas-leader.com |
|
| Details | Domain | 6 | nas-simple-helper.com |
|
| Details | Domain | 6 | service-checker.com |
|
| Details | Domain | 6 | service-leader.com |
|
| Details | Domain | 18 | paste.cryptolaemus.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | File | 1 | emotet-malware-iocs_10-22-20.html |
|
| Details | File | 1 | emotet-c2-deltas-1700-1300_10-21-20.html |
|
| Details | File | 1 | emotet-malware-iocs_10-20-20.html |
|
| Details | File | 1 | emotet-c2-deltas-1010-0610_10-21-20.html |
|
| Details | File | 1 | emotet-c2-deltas-1410-1010_10-20-20.html |
|
| Details | File | 1 | emotet-malware-iocs_10-19-20.html |
|
| Details | File | 1 | threat-roundup-1009-1016.html |
|
| Details | File | 1 | emotet-c2-deltas-1550-1150_10-15-20.html |
|
| Details | File | 1 | emotet-c2-deltas-1505-1105_10-16-20.html |
|
| Details | File | 1 | emotet-malware-iocs_10-15-20.html |
|
| Details | sha256 | 3 | 4544b478b2029ec38eb4bda111741a10f0684e38f1b29ce092b93df882d11f9e |
|
| Details | sha256 | 3 | 2376a8da650c124b3d916765f82929b4109f20bc4f211a39a4d1cd4391780d1f |
|
| Details | IPv4 | 2 | 188.116.36.155 |
|
| Details | IPv4 | 5 | 45.153.240.222 |
|
| Details | IPv4 | 2 | 185.117.75.193 |
|
| Details | IPv4 | 5 | 45.153.240.178 |
|
| Details | IPv4 | 2 | 194.36.188.154 |
|
| Details | IPv4 | 2 | 45.153.240.246 |
|
| Details | IPv4 | 2 | 194.36.188.45 |
|
| Details | IPv4 | 5 | 45.153.240.220 |
|
| Details | IPv4 | 5 | 45.153.240.157 |
|
| Details | IPv4 | 5 | 45.153.240.194 |
|
| Details | IPv4 | 5 | 45.153.240.240 |
|
| Details | IPv4 | 5 | 45.153.240.138 |
|
| Details | IPv4 | 5 | 45.153.240.136 |
|
| Details | IPv4 | 2 | 45.153.240.133 |
|
| Details | IPv4 | 5 | 45.153.241.1 |
|
| Details | IPv4 | 5 | 45.147.229.44 |
|
| Details | IPv4 | 6 | 45.147.229.52 |
|
| Details | IPv4 | 6 | 45.147.229.68 |
|
| Details | IPv4 | 6 | 45.147.229.92 |
|
| Details | IPv4 | 6 | 45.147.230.131 |
|
| Details | IPv4 | 6 | 45.147.230.132 |
|
| Details | IPv4 | 6 | 45.147.230.133 |
|
| Details | IPv4 | 6 | 45.147.230.140 |
|
| Details | IPv4 | 6 | 45.147.230.141 |
|
| Details | IPv4 | 5 | 45.147.230.159 |
|
| Details | IPv4 | 1 | 45.147.231.188 |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/22/emotet-malware-iocs_10-22-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/21/emotet-c2-deltas-1700-1300_10-21-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/20/emotet-malware-iocs_10-20-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/21/emotet-c2-deltas-1010-0610_10-21-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/20/emotet-c2-deltas-1410-1010_10-20-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/19/emotet-malware-iocs_10-19-20.html |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads |
|
| Details | Url | 1 | https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/15/emotet-c2-deltas-1550-1150_10-15-20.html |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/16/emotet-c2-deltas-1505-1105_10-16-20.html |
|
| Details | Url | 1 | https://cofense.com/were-grateful-for-the-trust-devious-link-inside-pdf-attachment-leads-to-compromised-credentials |
|
| Details | Url | 1 | https://paste.cryptolaemus.com/emotet/2020/10/15/emotet-malware-iocs_10-15-20.html |