G0dR4p3

GandCrab_Ransomware_IOCs_04-01-2019

Jan 4th, 2019
#GandCrab #Ransomware V5.0.4
------------------------------------
04-01-2019 IOCs
------------------------------------
Main object: "03ff2e69bb279a9380edd42822788dba2b509c8430e5ed6c004d8c20db775d0e.bin.gz"
sha256 dd63125be7f7a531da209808d867da467b47d8949d2e391ddb4a270b1e04647b
sha1 d5fefb868260553ea8ab0b7ff73759bbfe6e5312
md5 c2e3ba704fb3a1a4e94f91576d47b704
Dropped executable files
sha256 C:\Users\admin\AppData\Local\Temp\494950006.exe bce4c97daa3ae1c1702046b2f8d7952ab076da8b6c9544331b08e76de21c005d
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\1[1].exe f018326456daf09fc5cab41e9254d6ff1e8320ffd74c87668ba60ab27a7a0cb7
DNS requests
domain www.haargenau.biz
domain www.2mmotorsport.biz
domain www.bizziniinfissi.com
domain www.pizcam.com
domain www.holzbock.biz
domain www.fliptray.biz
domain www.whitepod.com
domain www.hotelweisshorn.com
domain www.swisswellness.com
domain www.belvedere-locarno.com
domain www.hardrockhoteldavos.com
domain www.seitensprungzimmer24.com
domain seitensprungzimmer24.com
domain www.morcote-residenza.com
domain www.hrk-ramoz.com
domain www.hotelfarinet.com
domain www.bnbdelacolline.com
domain www.aubergemontblanc.com
domain www.arbezie-hotel.com
domain www.alpenlodge.com
domain www.arbezie.com
domain www.aparthotelzurich.com
domain www.torhotel.com
domain elite-hotel.com
domain www.hotelnationalzermatt.ch
domain www.elite-hotel.com
domain www.nationalzermatt.ch
domain nationalzermatt.ch
domain www.waageglarus.com
domain www.bristol-adelboden.com
domain www.nationalzermatt.com
domain www.chambre-d-hote-chez-fleury.com
domain www.hotelalbanareal.com
domain www.mountainhostel.com
domain www.apartmenthaus.com
domain www.la-fontaine.com
domain www.berginsel.com
domain www.hotel-blumental.com
domain www.limmathof.com
domain bellevuewiesen.com
domain www.luganohoteladmiral.com
domain www.hotelgarni-battello.com
domain www.hotel-zermatt.com
domain www.hoteltruite.com
domain www.geneva.frasershospitality.com
domain www.seminarhotel.com
domain www.bellevuewiesen.com
domain www.kroneregensberg.com
domain www.puurehuus.com
domain www.eyholz.com
domain www.stalden.com
domain www.vignobledore.com
domain www.schwendelberg.com
domain www.hotelglanis.com
domain www.hiexgeneva.com
domain www.flemings-hotel.com
domain www.nh-hotels.com
domain www.petit-paradis.com
domain www.berghaus-toni.com
domain www.stchristophesa.com
domain www.le-saint-hubert.com
domain 16eme.com
domain www.staubbach.com
domain www.experimentalchalet.com
domain www.16eme.com
domain www.aubergecouronne.com
domain www.guardagolf.com
domain www.bonmont.com
domain www.cm-lodge.com
domain www.airporthotelbasel.com
domain www.elite-biel.com
domain www.samnaunerhof.com
domain www.alimentarium.org
domain www.hotellido-lugano.com
domain guardagolf.com
domain www.lassalle-haus.org
domain www.vitatertia.org
domain www.hotelchery.com
domain www.ibis.com
domain www.mercure.com
domain www.hotelolden.com
domain www.huusgstaad.com
domain www.relais-crosets.com
domain www.lerichemond.com
domain www.hotelrotonde.com
domain www.kreatifs.net
domain www.lacommune.net
domain www.disch.mehrmarken.net
domain www.gemperle.net
domain www.neuhof.org
domain www.hoteldreirosen.net
domain www.calisto.net
domain www.dermann.org
domain www.r-coiffure.net
domain neuhof.org
domain www.ueberland-garage.mehrmarken.net
domain www.osteriadelcentro.net
domain www.garage-schwyn.mehrmarken.net
domain www.cantinesurcoux.net
domain www.von-arx.net
domain www.nett-coiffure.ch
domain www.farbecht.net
domain www.celi-vegas-avocats.net
domain www.salon-coiffure-geneve.net
domain www.haaratelier.net
Connections
ip 104.108.61.140
ip 92.63.197.48
ip 83.166.148.69
ip 217.26.53.161
ip 104.24.22.22
ip 104.24.23.22
ip 104.31.72.20
ip 107.154.114.25
ip 136.243.13.215
ip 136.243.162.140
ip 149.126.4.83
ip 149.126.4.15
ip 145.239.37.26
ip 149.202.81.123
ip 149.126.4.89
ip 138.201.162.99
ip 149.126.4.66
ip 185.230.62.177
ip 185.199.108.153
ip 185.230.62.161
ip 178.209.55.26
ip 173.212.202.129
ip 185.81.1.20
ip 185.62.170.1
ip 185.51.191.29
ip 188.165.51.93
ip 188.165.40.130
ip 185.58.214.100
ip 185.92.220.44
ip 192.185.159.253
ip 188.227.206.226
ip 193.246.38.196
ip 193.246.63.157
ip 194.51.187.22
ip 194.246.118.10
ip 194.51.187.23
ip 199.34.228.70
ip 212.59.186.61
ip 195.201.207.213
ip 195.141.45.95
ip 217.26.54.189
ip 217.26.52.10
ip 213.186.33.50
ip 213.186.33.16
ip 213.186.33.4
ip 217.26.54.21
ip 213.129.84.57
ip 213.186.33.17
ip 213.186.33.5
ip 217.26.53.37
ip 46.32.228.22
ip 217.26.61.109
ip 52.210.177.133
ip 217.26.60.27
ip 52.17.9.185
ip 217.26.55.5
ip 5.144.168.210
ip 52.2.192.9
ip 79.170.40.230
ip 62.2.99.251
ip 74.220.215.73
ip 63.33.82.40
ip 80.244.187.247
ip 80.74.138.109
ip 69.16.175.10
ip 52.215.121.40
ip 78.46.77.98
ip 80.74.155.80
ip 81.169.242.208
ip 80.74.149.78
ip 80.74.149.162
ip 81.23.73.70
ip 80.74.153.84
ip 80.74.145.65
ip 80.74.144.93
ip 80.74.155.10
ip 80.74.142.130
ip 83.166.138.107
ip 83.166.138.7
ip 93.88.241.198
ip 83.138.82.107
ip 83.137.114.198
ip 88.198.6.106
ip 89.107.184.10
ip 94.126.23.52
ip 83.166.138.8
ip 94.247.24.38
HTTP/HTTPS requests
url http://92.63.197.48/m/mb.exe
url http://www.haargenau.biz/news/graphic/eshe.png
url http://92.63.197.48/m/1.exe
url http://92.63.197.48/m/3.exe
url http://92.63.197.48/m/5.exe
url http://92.63.197.48/m/2.exe
url http://92.63.197.48/m/4.exe
url http://www.pizcam.com/
url http://www.2mmotorsport.biz/
url http://www.haargenau.biz/
url http://www.bizziniinfissi.com/
url http://www.holzbock.biz/
url http://www.bizziniinfissi.com/wp-content/tmp/derude.png
url http://www.fliptray.biz/
url http://www.holzbock.biz/uploads/imgs/semoke.gif
url http://www.swisswellness.com/
url http://www.hotelweisshorn.com/
url http://www.hotelweisshorn.com/includes/tmp/dadaam.png
url http://www.hrk-ramoz.com/uploads/image/setheszu.gif
url http://www.whitepod.com/
url http://www.belvedere-locarno.com/
url http://www.morcote-residenza.com/
url http://www.hrk-ramoz.com/
url http://www.seitensprungzimmer24.com/
url http://www.hardrockhoteldavos.com/
url http://www.hotelfarinet.com/
url http://www.aubergemontblanc.com/
url http://www.torhotel.com/
url http://www.aubergemontblanc.com/content/imgs/sosohe.jpg
url http://www.torhotel.com/static/graphic/amzukezukezu.png
url http://www.arbezie-hotel.com/
url http://www.alpenlodge.com/
url http://www.arbezie.com/data/pictures/ruim.jpg
url http://www.bnbdelacolline.com/
url http://www.aparthotelzurich.com/
url http://www.limmathof.com/
url http://www.berginsel.com/
url http://www.chambre-d-hote-chez-fleury.com/
url http://www.elite-hotel.com/
url http://www.hotel-blumental.com/
url http://www.waageglarus.com/static/images/moimhe.bmp
url http://www.waageglarus.com/
url http://www.nationalzermatt.com/
url http://www.apartmenthaus.com/
url http://www.bristol-adelboden.com/
url http://www.bellevuewiesen.com/
url http://www.luganohoteladmiral.com/
url http://www.la-fontaine.com/static/images/esimhe.jpg
url http://www.hoteltruite.com/includes/imgs/keesmeme.bmp
url http://www.hotelalbanareal.com/
url http://www.mountainhostel.com/
url http://www.hotelgarni-battello.com/
url http://www.seminarhotel.com/
url http://www.la-fontaine.com/
url http://www.hoteltruite.com/
url http://www.hotelgarni-battello.com/wp-content/graphic/zuesimes.png
url http://www.kroneregensberg.com/
url http://www.schwendelberg.com/wp-content/pictures/thdaka.bmp
url http://www.puurehuus.com/
url http://www.stchristophesa.com/news/pictures/amme.gif
url http://www.stchristophesa.com/
url http://www.nh-hotels.com/
url http://kroneregensberg.com/de/
url http://www.stalden.com/
url http://www.hotel-zermatt.com/
url http://kroneregensberg.com/
url http://www.vignobledore.com/
url http://www.stalden.com/index.cfm
url http://www.schwendelberg.com/
url http://www.hotelglanis.com/content/image/dedahe.jpg
url http://www.16eme.com/
url http://www.staubbach.com/
url http://www.berghaus-toni.com/includes/graphic/medarumo.jpg
url http://www.flemings-hotel.com/
url http://www.petit-paradis.com/
url http://www.hotelglanis.com/
url http://www.berghaus-toni.com/
url http://www.eyholz.com/
url http://www.petit-paradis.com/static/tmp/mozufuim.gif
url http://www.hiexgeneva.com/
url http://www.vignobledore.com/wp-content/images/demeso.bmp
url http://www.samnaunerhof.com/
url http://www.guardagolf.com/
url http://www.cm-lodge.com/
url http://www.airporthotelbasel.com/
url http://www.le-saint-hubert.com/includes/imgs/immeke.bmp
url http://guardagolf.com/
url http://www.bonmont.com/news/tmp/fuhe.gif
url http://www.aubergecouronne.com/
url http://www.le-saint-hubert.com/
url http://www.experimentalchalet.com/
url http://www.bonmont.com/
url http://www.elite-biel.com/
url http://www.hotelchery.com/
url http://www.hotelchery.com/static/imgs/ruruhe.bmp
url http://www.vitatertia.org/
url http://www.lerichemond.com/
url http://www.neuhof.org/
url http://www.mercure.com/
url http://www.hotellido-lugano.com/
url http://www.hotelolden.com/
url http://www.ibis.com/
url http://www.relais-crosets.com/
url http://www.dermann.org/
url http://www.huusgstaad.com/
url http://www.lassalle-haus.org/
url http://www.alimentarium.org/
url http://www.hotelrotonde.com/
url http://www.hoteldreirosen.net/
url http://www.hoteldreirosen.net/content/graphic/kathka.png
url http://www.hoteldreirosen.net/news/pics/momofuse.gif
url http://www.lacommune.net/wp-content/pics/fuamseheeszu.jpg
url http://www.lacommune.net/
url http://www.cantinesurcoux.net/news/tmp/serufumo.png
url http://www.disch.mehrmarken.net/
url http://www.osteriadelcentro.net/
url http://www.gemperle.net/
url http://www.cantinesurcoux.net/
url http://www.hoteldreirosen.net/data/images/imdaesseim.gif
url http://www.salon-coiffure-geneve.net/
url http://www.ueberland-garage.mehrmarken.net/
url http://www.garage-schwyn.mehrmarken.net/
url http://www.nett-coiffure.ch/
url http://www.salon-coiffure-geneve.net/news/pics/hezu.gif
url http://www.haaratelier.net/
url http://www.farbecht.net/
url http://www.calisto.net/
url http://www.r-coiffure.net/
url http://www.haaratelier.net/uploads/tmp/thkathde.bmp
url http://www.kreatifs.net/
url http://www.gemperle.net/static/tmp/sefumesoim.png
url http://www.farbecht.net/content/image/mofurude.gif
url http://www.nett-coiffure.ch/uploads/assets/imsoamdamo.bmp
url http://www.von-arx.net/
url http://www.celi-vegas-avocats.net/
url http://www.von-arx.net/includes/graphic/sedade.jpg
-------------------------------------------------
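A caveat before loading the list above into a blocklist: GandCrab v5 carries a hard-coded list of mostly legitimate web sites (here, Swiss hotels and small businesses) and, from each, requests the root page and then a random image-named file under a pair of generic directory names. Most of the domains above were never attacker-controlled, and several of the IPs sit in shared hosting and CDN ranges (104.24.22.22 and 104.24.23.22 fall in Cloudflare's 104.24.0.0/14, for instance). What is actually worth alerting on is the URL path shape and the bare-IP payload host 92.63.197.48. The Python below is an added example, not part of the original paste and not tooling from its author: it parses the flat "type value" format used above, separates payload fetches from check-in paths and from plain root probes, and defangs the result for sharing. The directory names in LVL1 and LVL2 are the ones that appear in the check-in URLs on this page; the sample input is a constructed excerpt of the list.

```python
"""Parse a flat 'type value' IOC dump (as in the GandCrab paste above),
classify the URLs, and defang indicators for sharing.

Added example for this page; the sample below is a constructed excerpt of
the list above and the C2 path vocabulary is taken from the URLs on it."""
import re
from urllib.parse import urlparse

# Constructed excerpt of the paste (raw string: backslashes are literal).
SAMPLE = r"""
sha256 dd63125be7f7a531da209808d867da467b47d8949d2e391ddb4a270b1e04647b
sha1 d5fefb868260553ea8ab0b7ff73759bbfe6e5312
md5 c2e3ba704fb3a1a4e94f91576d47b704
sha256 C:\Users\admin\AppData\Local\Temp\494950006.exe bce4c97daa3ae1c1702046b2f8d7952ab076da8b6c9544331b08e76de21c005d
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\1[1].exe f018326456daf09fc5cab41e9254d6ff1e8320ffd74c87668ba60ab27a7a0cb7
DNS requests
domain www.haargenau.biz
domain www.nh-hotels.com
ip 92.63.197.48
ip 104.24.22.22
url http://92.63.197.48/m/mb.exe
url http://www.haargenau.biz/news/graphic/eshe.png
url http://www.haargenau.biz/
url http://www.bizziniinfissi.com/wp-content/tmp/derude.png
url http://www.nh-hotels.com/
url http://kroneregensberg.com/de/
"""

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX = re.compile(r"^[0-9a-f]+$")
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# First- and second-level directory names seen in the check-in URLs above.
LVL1 = {"wp-content", "includes", "static", "news", "uploads", "data", "content"}
LVL2 = {"tmp", "imgs", "images", "image", "pictures", "pics", "graphic", "assets"}
C2_PATH = re.compile(r"^/([^/]+)/([^/]+)/([a-z]+)\.(jpg|png|gif|bmp)$", re.I)


def parse_iocs(text):
    """Return de-duplicated indicators keyed by type, in first-seen order.
    Hash lines may carry a dropped-file path before the digest
    ('sha256 <path with spaces> <hex>'); the digest is always the last token,
    and paths are kept under 'files' keyed by digest. Section headers and
    malformed digests are skipped rather than silently poisoning the feed."""
    out = {k: [] for k in ("md5", "sha1", "sha256", "domain", "ip", "url")}
    files = {}
    for raw in text.splitlines():
        line = raw.strip()
        if " " not in line:
            continue
        kind, rest = line.split(" ", 1)
        kind = kind.lower()
        if kind in HASH_LEN:
            path, _, digest = rest.rpartition(" ")
            digest = digest.lower()
            if len(digest) != HASH_LEN[kind] or not HEX.match(digest):
                continue
            if path:
                files[digest] = path
            value = digest
        elif kind in out:
            value = rest.strip()
        else:
            continue
        if value not in out[kind]:
            out[kind].append(value)
    out["files"] = files
    return out


def classify_url(url):
    """'payload'    executable fetched from a bare-IP host
       'c2_checkin' /<dir>/<subdir>/<randomword>.<image ext> on a listed site
       'root_probe' plain 'http://host/' request, no path or query
       'other'      anything else (e.g. a redirect the sandbox followed)"""
    p = urlparse(url)
    path = p.path or "/"
    if IP_HOST.match(p.hostname or "") and path.lower().endswith(".exe"):
        return "payload"
    m = C2_PATH.match(path)
    if m and m.group(1).lower() in LVL1 and m.group(2).lower() in LVL2:
        return "c2_checkin"
    if path == "/" and not p.query:
        return "root_probe"
    return "other"


def defang(value):
    """Neutralise a URL, domain or IP for sharing: http -> hxxp, '.' -> '[.]'
    in the host part only, so paths stay readable."""
    if "://" in value:
        scheme, rest = value.split("://", 1)
        host, sep, tail = rest.partition("/")
        return scheme.replace("t", "x") + "://" + host.replace(".", "[.]") + sep + tail
    return value.replace(".", "[.]")


def summarize(text):
    """Group URLs by class and list the hosts that served a payload or a
    check-in path; only those deserve an outright block."""
    iocs = parse_iocs(text)
    by_class = {}
    for u in iocs["url"]:
        by_class.setdefault(classify_url(u), []).append(u)
    hot = {urlparse(u).hostname for c in ("payload", "c2_checkin") for u in by_class.get(c, [])}
    return {"iocs": iocs, "urls_by_class": by_class, "block_first": sorted(hot)}


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for cls, urls in s["urls_by_class"].items():
        print(cls)
        for u in urls:
            print("   ", defang(u))
    print("hosts with a payload or check-in path:", s["block_first"])
```

Running it on the excerpt puts the six mb.exe/N.exe style fetches under `payload`, the image-named paths under `c2_checkin`, and the bare hotel sites under `root_probe`; the `block_first` list is what goes to the firewall, while the root probes are better used as a hunt query for hosts that contacted several of them in a short window.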