- #Shade #Troldesh #Ransomware #Trojan
- -------------------------------------
- 14-02-2019 IOCs
- -------------------------------------
- Main object: "6893f7d9b87415f59f476b5c9f1bde04d27bfab0cbded0a9cbefe2049c589cf6.bin.gz"
- sha256 d2f56b0fcecf3ef1df61b44084017bbe267dcd6ca5320cf2da408eea0237a2d8
- sha1 905418a9202a7e4d5138639f5b2b53afb6fdd49e
- md5 421928824f7639fae7750977d875ea63
- Dropped executable file
- path C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\messg[1].jpg
- sha256 43a904fe985dd66b08b16ad02dbfc6b3f5c1d5a0f5cf509e379a7f01510541a6
- DNS requests
- domain deflektori.ru
- domain presse.schmutzki.de
- domain www.palmomedia.de
- domain whatsmyip.net
- domain whatismyipaddress.com
- Connections
- ip 91.218.229.12
- ip 2.21.36.203
- ip 208.83.223.34
- ip 91.194.91.201
- ip 193.34.145.200
- ip 85.229.213.118
- ip 171.25.193.9
- ip 104.16.154.36
- ip 80.100.250.244
- ip 193.23.244.244
- ip 77.243.191.102
- ip 104.18.35.131
- HTTP/HTTPS requests
- url http://deflektori.ru/buyme/i/slavneft.zakaz.zip
- url http://presse.schmutzki.de/.well-known/acme-challenge/messg.jpg
- url http://whatismyipaddress.com/
- url http://whatsmyip.net/