API tools faq
paste
Advertisement
G0dR4p3

2Shade_Ransomware_IOCs_06-02-2019

G0dR4p3
Feb 6th, 2019
1,498
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.26 KB | None | 0 0
raw download clone embed print report
  1. #Shade #Troldesh #Ransomware #Opendir #AdminPanel
  2. -------------------------------
  3. 06-02-2019 IOC's
  4. -------------------------------
  5. Main object- "66cc60f6b4a36fc49e14058fdc50614b288467f9ea40b714f2c55bcced08c6fb.bin.gz"
  6. sha256 7375b87307dd09116edb9f9a61a8e6f69fc02c9ecbd9db4913b120eef909c8d7
  7. sha1 7a8f7f702b48d8e66653e059e044cc15552fb57c
  8. md5 8e92999b51a1e0a51e842f0204bb7bf7
  9. Dropped executable file
  10. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\messg[1].jpg f8f4de2f06c6c00b170ed88b4ed8d68dd01b48745f70ffce38407b82ae05c0e7
  11. sha256 C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\_locales\it\PyFxTcv3mJ5gVRfxLMMSAPurth2TIYRsYAF0j-hHDvk=.906D0F2E2F604F839E04.crypted000007 3b41720c4ca11e190808994bfed1ae62a0306bace2dd4c0e9b092ce3ab90227a
  12. DNS requests
  13. domain bergras.ru
  14. domain www.ri-photo.com
  15. domain whatismyipaddress.com
  16. domain whatsmyip.net
  17. Connections
  18. ip 91.218.228.154
  19. ip 208.113.155.199
  20. ip 194.109.206.212
  21. ip 217.234.213.193
  22. ip 86.59.21.38
  23. ip 188.118.198.244
  24. ip 193.23.244.244
  25. ip 77.68.11.42
  26. ip 104.16.155.36
  27. ip 104.18.34.131
  28. ip 104.16.154.36
  29. HTTP/HTTPS requests
  30. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/messg.jpg
  31. url http://bergras.ru/profiles/default/translations/dixi.grup.zakaz.zip
  32. url http://whatismyipaddress.com/
  33. url http://www.ri-photo.com/favicon.ico
  34. url http://whatsmyip.net/
  35. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/common_config.php
  36. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/system_m.php
  37. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/admin.css
  38. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/menu_settings.php
  39. url http://www.ri-photo.com/wp-content/themes/asteria-lite/
  40. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/
  41. url http://www.ri-photo.com/wp-content/
  42. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/engine_functions.php
  43. url http://www.ri-photo.com/wp-content/themes/asteria-lite/css/tick.png
  44. --------------------------------------------------
  45. ADMIN PANEL --> http://www.ri-photo.com/wp-content/themes/asteria-lite/css/engine_functions.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!