G0dR4p3

Shade_Ransomware_IOCs_14-02-2019

Feb 14th, 2019
#Shade #Troldesh #Ransomware #Trojan
-------------------------------------
14-02-2019 IOCs
-------------------------------------
Main object: "6893f7d9b87415f59f476b5c9f1bde04d27bfab0cbded0a9cbefe2049c589cf6.bin.gz"
sha256 d2f56b0fcecf3ef1df61b44084017bbe267dcd6ca5320cf2da408eea0237a2d8
sha1 905418a9202a7e4d5138639f5b2b53afb6fdd49e
md5 421928824f7639fae7750977d875ea63
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\messg[1].jpg 43a904fe985dd66b08b16ad02dbfc6b3f5c1d5a0f5cf509e379a7f01510541a6
DNS requests
domain deflektori.ru
domain presse.schmutzki.de
domain www.palmomedia.de
domain whatsmyip.net
domain whatismyipaddress.com
Connections
HTTP/HTTPS requests
url http://deflektori.ru/buyme/i/slavneft.zakaz.zip
url http://presse.schmutzki.de/.well-known/acme-challenge/messg.jpg
url http://whatismyipaddress.com/
url http://whatsmyip.net/