STOP/DJVU Ransomware - Minerva Labs
Common Information
Type Value
UUID f790be8b-426d-4220-90c5-ab819cdd7820
Fingerprint 8736a0790f74265e
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 25, 2022, 2:32 p.m.
Added to db Nov. 29, 2022, 10:12 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline STOP/DJVU Ransomware
Title STOP/DJVU Ransomware - Minerva Labs
Detected Hints/Tags/Attributes 35/2/14
Attributes
Type | #Events | CTI Value | Attribute
Domain | 39 | | api.2ip.ua
Domain | 11 | | rgyui.top
Domain | 9 | | acacaca.org
File | 29 | | geo.json
File | 14 | | build2.exe
File | 12 | | build3.exe
File | 193 | | ntuser.dat
File | 100 | | ntuser.dat.log
File | 351 | | recycle.bin
File | 367 | | readme.txt
Url | 28 | | https://api.2ip.ua/geo.json
Url | 6 | | http://rgyui.top/dl/build2.exe
Url | 5 | | http://acacaca.org/files/1/build3.exe
Windows Registry Key | 1 | | HKCU\Software\Microsoft\Windows\CurrentVersion\Run.Figure