EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware.
Tags
| country: | India |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | f627fe43-4593-43c1-8e8a-c9eca71ac757 |
| Fingerprint | be812278bcb70697 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 28, 2017, 1:23 a.m. |
| Added to db | Jan. 18, 2023, 9:59 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware. |
| Title | EITest Leads to RIG EK at 188.225.36.251. EK Drops CryptoShield 2.0 Ransomware. |
| Detected Hints/Tags/Attributes | 40/2/30 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | amaz0ns.com |
|
| Details | Domain | 2 | 3tre.sicafnicaragua.com |
|
| Details | Domain | 2 | 3fds.tbsistemas.com |
|
| Details | Domain | 1 | www.amaz0ns.com |
|
| Details | Domain | 162 | bleepingcomputer.com |
|
| Details | Domain | 1 | www.rot13.com |
|
| Details | Domain | 99 | india.com |
|
| Details | Domain | 5 | computer4u.com |
|
| Details | 1 | r_sp@india.com |
||
| Details | 2 | res_reserve@india.com |
||
| Details | File | 1 | products-over.php |
|
| Details | File | 20 | page.html |
|
| Details | File | 52 | exploit.swf |
|
| Details | File | 23 | o32.tmp |
|
| Details | File | 1 | l3v4k74h.exe |
|
| Details | File | 1 | ma25k6ln.exe |
|
| Details | File | 1 | 81yrliiy.exe |
|
| Details | File | 137 | conhost.exe |
|
| Details | File | 5 | firstdetect.js |
|
| Details | File | 31 | tmp.exe |
|
| Details | File | 2 | vvsadmin.exe |
|
| Details | File | 105 | bcdedit.exe |
|
| Details | sha256 | 1 | 9a750f27dfc05d5d41d9da4106ecb71be414538eff3eb3bc8ecca01f5a9aad9b |
|
| Details | sha256 | 1 | 5628e6cdecc617c18137ff132cda600c72baf23f824fbae5c81a8034a9ba3554 |
|
| Details | sha256 | 1 | e142f06a2e96f7a0c6eb046a79b85bc24e79e66c5c2bc12e144285c23fc89b69 |
|
| Details | sha256 | 1 | e2387bcd3d274f5b4d0353edff2755d39d66afedda1d47f7548391c5d4238f52 |
|
| Details | IPv4 | 2 | 188.225.36.251 |
|
| Details | IPv4 | 1 | 104.28.18.48 |
|
| Details | IPv4 | 1 | 5.154.191.90 |
|
| Details | Url | 1 | http://www.rot13.com |