API tools faq
paste
Advertisement
G0dR4p3

Shade_Ransomware_IOCs_23-01-2019

G0dR4p3
Jan 23rd, 2019
215
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.22 KB | None | 0 0
raw download clone embed print report
  1. #Shade #Troldesh #Ransomware #Trojan
  2. ---------------------------------------
  3. 23-01-2019 IOC's
  4. ---------------------------------------
  5. Main object- "1d517bc28ca11eacadcdd3ab2ba0aaf167ac47541978d960c558e7496953c411.bin.gz"
  6. sha256 6406ff02c1529d291f9339450eceac0d39e56e0c085df495a0c6eb6a316246a6
  7. sha1 c0dc482fddfc4b1a8f43dbcb53b99eb584e32241
  8. md5 528e0db66dee478425f40908e6941910
  9. Dropped executable file
  10. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\ssj[1].jpg 12352cb3fcd048e8b8dc1efe47e0a70456e1ef9d17724201dcfe70ad500c39b2
  11. DNS requests
  12. domain tienlambds.com
  13. domain greenglobal.co.id
  14. domain whatismyipaddress.com
  15. domain whatsmyip.net
  16. Connections
  17. ip 203.113.172.116
  18. ip 202.52.147.118
  19. ip 104.16.18.96
  20. ip 104.18.35.131
  21. ip 128.31.0.39
  22. ip 131.188.40.189
  23. ip 95.216.138.138
  24. ip 76.73.17.194
  25. ip 66.223.151.183
  26. ip 85.214.212.153
  27. HTTP/HTTPS requests
  28. url http://greenglobal.co.id/wp-content/themes/avik/avik-functionality-plugin/ssj.jpg
  29. url http://whatismyipaddress.com/
  30. url http://whatsmyip.net/
  31. ---------------------------------------
  32. Main object- "81cf49092a72f280e619fc4087d8073909dbaf278836aacb49c00335fc338334.bin.gz"
  33. sha256 fb22b18185c7203b3a4847dd66ffc59e47ee40a1735dd102dcc947d6633210c1
  34. sha1 dd18dedc8a255435c112037cdfc480f7e7a76926
  35. md5 1a0afbd38bc7337eea22326ead41d50e
  36. Dropped executable file
  37. sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\mxr[1].pdf c0c4b90379ef98aa9a6d4f62106a17e4492ef7bfbe4446270f11c713c2b76da9
  38. sha256 C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it\ZHmgMkWK6QYp2c5oPwYLfw1ipFCGcUar35XRTJV8SKw=.906D0F2E2F604F839E04.crypted000007 a0877fbe5ad0d755e23715f27222dcf98eab51c9d224dac6ecac1ac9aab4813f
  39. DNS requests
  40. domain artburo.moscow
  41. domain whatismyipaddress.com
  42. domain whatsmyip.net
  43. Connections
  44. ip 104.16.16.96
  45. ip 195.133.197.67
  46. ip 76.73.17.194
  47. ip 51.255.206.74
  48. ip 193.234.15.62
  49. ip 88.198.17.143
  50. ip 104.18.34.131
  51. ip 81.7.18.97
  52. ip 128.31.0.39
  53. ip 86.59.21.38
  54. HTTP/HTTPS requests
  55. url http://whatismyipaddress.com/
  56. url http://whatsmyip.net/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!