G0dR4p3

Shade_Ransomware_IOCs_21-01-2019

Jan 21st, 2019
#Shade #Troldesh #Ransomware
--------------------------------------
21-01-2019 IOCs
--------------------------------------
Main object- "b5d9ee0dfced8f3da4aafce52d06d8e5de5caad68f8f569c33f41efe1f344eb8.bin.gz"
sha256 84ba0a5529da08cd469c53f309c2f6f83e2246c93dcf2c05380a9f179b39e598
sha1 43a04d60c64496bd34d3e7935510c1da61b85f50
md5 869dbaca4e5c3ffff39aa2f637c81651
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\ssj[1].jpg d3378c99134259db2ada97669007f90af17798fb9a8f2c33f3f8e00ab223f8d3
DNS requests
domain www.eleinad.org
domain stockmoneymade.com
domain whatismyipaddress.com
domain whatsmyip.net
Connections
HTTP/HTTPS requests
url http://www.eleinad.org/wp-content/themes/dt-the7/css/compatibility/woo-fonts/ssj.jpg
url http://whatismyipaddress.com/
url http://whatsmyip.net/