GandCrab_Ransomware_IOCs_23-01-2019

1. #GandCrab #V5.1 #Ransomware
2. -----------------------------------
3. 23-01-2019 IOC's
4. -----------------------------------
5. Main object- "6d20fce7ff12863ee648eff76a6e77e67bd78fb93fd137456ceb134de4b30be1.bin.gz"
6. sha256 a9d5bbbb5362438df5944d02fe54ddedc823a28e6d2b97f30d11d09f9b8da08d
7. sha1 b36e9573d95e918427b24e3d29ea7d9fd389d5a2
8. md5 6ec3df812b92c85421bfa9049c4d8e10
9. Dropped executable file
10. sha256 C:\windows\temp\putty.exe f7eeda93bcde57d67b4a418077ae47f1f922fab7188a994cb1795ce6d833eeb8
11. DNS requests
12. domain www.kakaocorp.link
13. Connections
14. ip 205.185.117.187
15. ip 138.201.162.99
16. HTTP/HTTPS requests
17. url http://205.185.117.187/olalala/putty.exe
18. url http://www.kakaocorp.link/