BlackSuit Ransomware IOCs - II - SEC-1275-1
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 |
Common Information
| Type | Value |
|---|---|
| UUID | fee46076-9eb2-4343-9af5-9101aed612a8 |
| Fingerprint | 862377bd1beef95e |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 30, 2024, midnight |
| Added to db | Aug. 30, 2024, 11:14 p.m. |
| Last updated | Nov. 16, 2024, 8:06 p.m. |
| Headline | BlackSuit Ransomware IOCs - II |
| Title | BlackSuit Ransomware IOCs - II - SEC-1275-1 |
| Detected Hints/Tags/Attributes | 9/1/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://1275.ru/ioc/3896/blacksuit-ransomware-iocs-ii/?mtm_campaign=rss |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | 1275.ru | 1275.ru |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 8 | ✔ | Архивы IOC - SEC-1275-1 | https://1275.ru/ioc/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | as.regsvcast.com |
|
| Details | Domain | 3 | qw.regsvcast.com |
|
| Details | Domain | 3 | svchorst.com |
|
| Details | Domain | 3 | zx.regsvcast.com |
|
| Details | File | 10 | get-datainfo.ps1 |
|
| Details | File | 2 | as.reg |
|
| Details | File | 2 | qw.reg |
|
| Details | File | 2 | zx.reg |
|
| Details | md5 | 2 | 0bb61c0cff022e73b7c29dd6f1ccf0e2 |
|
| Details | md5 | 2 | 3900ebc7766f3894fb1eb300460376ad |
|
| Details | md5 | 2 | 3bf1142b3294c23852852053135ec0df |
|
| Details | md5 | 2 | 519dc779533b4ff0fc67727fecadba82 |
|
| Details | md5 | 2 | 76a2363d509cc7174c4abee9a7d7ae68 |
|
| Details | md5 | 2 | 820cfde780306e759bb434da509f7a91 |
|
| Details | md5 | 3 | 9b02dd2a1a15e94922be3f85129083ac |
|
| Details | md5 | 2 | b54240c98ca23202e58a1580135ad14c |
|
| Details | md5 | 2 | ed44877077716103973cbbebd531f38e |
|
| Details | sha1 | 2 | 286588a50b9b128d07aa0f8851f2d7ee91dfa372 |
|
| Details | sha1 | 2 | 2bb6c8b6461edc49e22f3d0c7dc45904b2ed8a2b |
|
| Details | sha1 | 3 | 2cb6ff75b38a3f24f3b60a2742b6f4d6027f0f2a |
|
| Details | sha1 | 2 | 4e38b98965a4d4756e6f4a8259df62cbca7de559 |
|
| Details | sha1 | 2 | 586ea19ea4776300962e20cfc9e7017a50888ecb |
|
| Details | sha1 | 2 | 8dde03600a18a819b080a41effc24f42fa960a3e |
|
| Details | sha1 | 2 | a3b617eb4248aba34c28c48886116ac97e55e932 |
|
| Details | sha1 | 2 | cd55256904f1964b90b51089b46f1a933fec3e8e |
|
| Details | sha1 | 2 | ceb8c699a57193aa3be2a1766b03050cde3c738a |
|
| Details | sha1 | 2 | e63732fb38d2e823348529a264b4c4718e0c0b4a |
|
| Details | sha256 | 2 | 27e300fa67828d8ffd72d0325c6957ff54d2dc6a060bbf6fc7aa5965513468e0 |
|
| Details | sha256 | 2 | 3b873bc8c7ee12fe879ab175d439b5968c8803fbb92e414de39176e2371896b2 |
|
| Details | sha256 | 2 | 55cde638e9bcc335c79c605a564419819abf5d569c128b95b005b2f48ccc43c1 |
|
| Details | sha256 | 2 | 60dcbfb30802e7f4c37c9cdfc04ddb411060918d19e5b309a5be6b4a73c8b18a |
|
| Details | sha256 | 2 | 6c884e4a9962441155af0ac8e7eea4ac84b1a8e71faee0beafc4dd95c4e4753f |
|
| Details | sha256 | 2 | 9493b512d7d15510ebee5b300c55b67f9f2ff1dda64bddc99ba8ba5024113300 |
|
| Details | sha256 | 2 | a39dc30bd672b66dc400f4633dfa4bdd289b5e79909c2e25e9c08b44d99b8953 |
|
| Details | sha256 | 8 | b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682 |
|
| Details | sha256 | 2 | e92912153cf82e70d52203a1a5c996e68b7753818c831ac7415aedbe6f3f007d |
|
| Details | sha256 | 2 | f474241a5d082500be84a62f013bc2ac5cde7f18b50bf9bb127e52bf282fffbf |
|
| Details | IPv4 | 3 | 137.220.61.94 |
|
| Details | IPv4 | 2 | 147.78.47.178 |
|
| Details | IPv4 | 1 | 15.197.130.221 |