KOVTER RANSOMWARE – THE EVOLUTION: From Police Scareware to Click Frauds and then to Ransomware
Tags
| attack-pattern: | Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | fb8c8a6a-0996-4268-b193-bbb6328d4467 |
| Fingerprint | af75006ae13da6ca |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 15, 2016, 6:36 p.m. |
| Added to db | Jan. 18, 2023, 8:16 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | KOVTER RANSOMWARE – THE EVOLUTION: From Police Scareware to Click Frauds and then to Ransomware |
| Title | KOVTER RANSOMWARE – THE EVOLUTION: From Police Scareware to Click Frauds and then to Ransomware |
| Detected Hints/Tags/Attributes | 53/1/110 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | mrantifun.net |
|
| Details | Domain | 1 | mailer.teplokomfortvam.ru |
|
| Details | Domain | 1 | 66-192-173-11.static.twtelecom.net |
|
| Details | Domain | 1 | generic-host.mmcs.army.mil |
|
| Details | Domain | 1 | a8.96.33a9.ip4.static.sl-reverse.com |
|
| Details | Domain | 1 | 64-8-202-55.client.dsl.net |
|
| Details | Domain | 1 | a104-98-200-15.deploy.static.akamaitechnologies.com |
|
| Details | Domain | 1 | net-188-153-184-22.cust.dsl.teletu.it |
|
| Details | Domain | 1 | ip-89-102-116-34.net.upcbroadband.cz |
|
| Details | Domain | 1 | user-38lcj5t.dialup.mindspring.com |
|
| Details | Domain | 1 | nothing.attdns.com |
|
| Details | Domain | 1 | 99-118-12-51.lightspeed.gnvlsc.sbcglobal.net |
|
| Details | Domain | 1 | mk-66-62.mk.psu.edu |
|
| Details | Domain | 1 | hsi-kbw-5-56-215-148.hsi17.kabel-badenwuerttemberg.de |
|
| Details | Domain | 1 | pc167h176.vscht.cz |
|
| Details | Domain | 1 | 65-125-113-11.dia.static.qwest.net |
|
| Details | Domain | 1 | rdn-culidor01.vpn.ne.qinip.net |
|
| Details | Domain | 1 | 155.west-palm-beach-07rh16rt-08rh15rt.fl.dial-access.att.net |
|
| Details | Domain | 1 | 105-237-153-151.access.mtnbusiness.co.za |
|
| Details | Domain | 1 | 1cust5295.an3.nyc41.da.uu.net |
|
| Details | Domain | 1 | c-73-244-13-59.hsd1.fl.comcast.net |
|
| Details | Domain | 1 | cpe-98-25-8-68.sc.res.rr.com |
|
| Details | Domain | 1 | 109.rev.sfr.net |
|
| Details | Domain | 1 | accc0ac2.ipt.aol.com |
|
| Details | Domain | 1 | p4fe81ee7.dip0.t-ipconnect.de |
|
| Details | Domain | 1 | 67-41-140-220.hlrn.qwest.net |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 11 | dw20.exe |
|
| Details | File | 97 | upload.php |
|
| Details | File | 1 | 371255.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | 3712551.exe |
|
| Details | File | 58 | test.exe |
|
| Details | File | 24 | army.mil |
|
| Details | File | 1 | mk.ps |
|
| Details | IPv4 | 2 | 78.24.220.229 |
|
| Details | IPv4 | 1 | 178.33.69.66 |
|
| Details | IPv4 | 1 | 66.192.173.11 |
|
| Details | IPv4 | 1 | 50.7.56.91 |
|
| Details | IPv4 | 1 | 43.1.91.197 |
|
| Details | IPv4 | 1 | 84.237.242.132 |
|
| Details | IPv4 | 1 | 102.126.138.17 |
|
| Details | IPv4 | 1 | 214.183.121.64 |
|
| Details | IPv4 | 1 | 13.43.232.149 |
|
| Details | IPv4 | 1 | 178.109.98.143 |
|
| Details | IPv4 | 1 | 55.105.222.27 |
|
| Details | IPv4 | 1 | 143.69.138.131 |
|
| Details | IPv4 | 1 | 152.26.132.216 |
|
| Details | IPv4 | 1 | 41.163.139.83 |
|
| Details | IPv4 | 1 | 12.78.195.76 |
|
| Details | IPv4 | 1 | 169.51.150.168 |
|
| Details | IPv4 | 1 | 64.8.202.55 |
|
| Details | IPv4 | 1 | 104.98.200.15 |
|
| Details | IPv4 | 1 | 188.153.184.22 |
|
| Details | IPv4 | 1 | 205.160.187.162 |
|
| Details | IPv4 | 1 | 215.227.63.44 |
|
| Details | IPv4 | 1 | 89.102.116.34 |
|
| Details | IPv4 | 1 | 27.14.252.13 |
|
| Details | IPv4 | 1 | 76.60.89.35 |
|
| Details | IPv4 | 1 | 209.86.76.189 |
|
| Details | IPv4 | 1 | 167.190.39.70 |
|
| Details | IPv4 | 1 | 135.54.92.29 |
|
| Details | IPv4 | 1 | 61.125.142.134 |
|
| Details | IPv4 | 1 | 99.118.12.51 |
|
| Details | IPv4 | 1 | 19.180.121.230 |
|
| Details | IPv4 | 1 | 160.255.27.65 |
|
| Details | IPv4 | 1 | 59.41.223.254 |
|
| Details | IPv4 | 1 | 146.186.66.62 |
|
| Details | IPv4 | 1 | 214.97.128.10 |
|
| Details | IPv4 | 1 | 42.253.216.229 |
|
| Details | IPv4 | 1 | 46.93.97.70 |
|
| Details | IPv4 | 1 | 115.243.179.178 |
|
| Details | IPv4 | 1 | 5.56.215.148 |
|
| Details | IPv4 | 1 | 29.47.211.197 |
|
| Details | IPv4 | 1 | 141.126.45.95 |
|
| Details | IPv4 | 1 | 147.33.167.176 |
|
| Details | IPv4 | 1 | 101.221.181.224 |
|
| Details | IPv4 | 1 | 35.181.131.94 |
|
| Details | IPv4 | 1 | 49.211.178.128 |
|
| Details | IPv4 | 1 | 65.125.113.11 |
|
| Details | IPv4 | 1 | 69.27.108.12 |
|
| Details | IPv4 | 1 | 137.145.10.111 |
|
| Details | IPv4 | 1 | 195.18.112.140 |
|
| Details | IPv4 | 1 | 12.78.14.155 |
|
| Details | IPv4 | 1 | 105.237.153.151 |
|
| Details | IPv4 | 1 | 56.154.232.96 |
|
| Details | IPv4 | 1 | 30.33.195.27 |
|
| Details | IPv4 | 1 | 46.235.131.177 |
|
| Details | IPv4 | 1 | 63.24.180.175 |
|
| Details | IPv4 | 1 | 1.86.191.252 |
|
| Details | IPv4 | 1 | 220.198.79.95 |
|
| Details | IPv4 | 1 | 159.72.68.152 |
|
| Details | IPv4 | 1 | 94.205.161.244 |
|
| Details | IPv4 | 1 | 176.153.169.67 |
|
| Details | IPv4 | 1 | 73.244.13.59 |
|
| Details | IPv4 | 1 | 98.25.8.68 |
|
| Details | IPv4 | 1 | 95.84.82.132 |
|
| Details | IPv4 | 1 | 134.130.159.185 |
|
| Details | IPv4 | 1 | 90.6.8.109 |
|
| Details | IPv4 | 1 | 109.8.6.90 |
|
| Details | IPv4 | 1 | 145.161.59.169 |
|
| Details | IPv4 | 1 | 55.35.149.132 |
|
| Details | IPv4 | 1 | 42.50.156.96 |
|
| Details | IPv4 | 1 | 172.204.10.194 |
|
| Details | IPv4 | 1 | 185.9.84.229 |
|
| Details | IPv4 | 1 | 79.232.30.231 |
|
| Details | IPv4 | 1 | 67.41.140.220 |
|
| Details | IPv4 | 1 | 49.255.41.224 |