- #Shade #Troldesh #Ransomware #Opendir
- --------------------------------------------
- 26-04-2019 IOCs
- --------------------------------------------
- Main object - "83250ad954a857da0a6e8470a0543a32fd5811b6887e18012c37935f4e97fe3c.bin.gz"
- sha256 0ff291d127d60a7cff6d414820fd0d29e60497d18abb560f25ead25064a0c5d0
- sha1 209f2fbb13a2135158be2e5951d3a7ada025f4c8
- md5 7acb973ab958197e3075c84748118593
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\1c[1].jpg 7ae7c8f3cd7c94a5ac6f9d1665fd48bfb5762b207624a6f34432e163a658abc9
- DNS requests
- domain reussitebienetre.numerica-asbl.be
- domain whatismyipaddress.com
- domain whatsmyip.net
- Connections
- HTTP/HTTPS requests
- url http://whatismyipaddress.com/
- url http://reussitebienetre.numerica-asbl.be/wp-content/cache/et/8/1c.jpg
- url http://whatsmyip.net/
- OpenDir
- http://reussitebienetre.numerica-asbl.be/wp-content/cache/et/8