PULSE NAME: WizardSpider Group IOC
WHITE | WIZARD SPIDER | PRODAFT_ | Created: 2022-05-22 | Modified: 2022-06-21
26 IOCs (medium volume)
These IOCs were released as part of our threat intelligence research on the WizardSpider group. The PRODAFT Threat Intelligence team detected and gained visibility into WizardSpider's ransomware infrastructure and analyzed its findings to understand how the criminal operation works. The group is also known through the malware families it operates (Ryuk, TrickBot and Conti, among others). It is a financially motivated cybercrime group first identified in 2017.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Conti Ransomware, Backdoor:Win64/Bazarloader, Backdoor:Win32/Bazarloader, SystemBC
Indicators of Compromise (26)
TYPE | INDICATOR | DESCRIPTION | CREATED
domain | xeyaze.com | Intrusion Servers | 2022-05-22
domain | cupertinosmile.com | Intrusion Servers | 2022-05-22
FileHash-SHA256 | 4fc1d216bc0c511f652fa5cff64628adf7dd7ad372b66403521ae1b8afaa3d1d | Conti Ransomware | 2022-05-22
FileHash-SHA1 | fff914f4c10a666a0113fb24ca4221cb2b951a39 | Conti Ransomware | 2022-05-22
FileHash-MD5 | 42b2201b3dcdec3c3c47bd3111865fbd | Conti Ransomware | 2022-05-22
FileHash-SHA256 | ce4b41c4783a6060f32e2aad72102dee1bd0b286d3c604158793999ca148505c | Conti Ransomware | 2022-05-22
FileHash-SHA1 | 4fbc8491254152ee8f408e8ed7b21758dc8dbc3d | Conti Ransomware | 2022-05-22
FileHash-MD5 | 7bcf458ae5ca667fcdb5f033594e8c76 | Conti Ransomware | 2022-05-22
FileHash-SHA256 | f2c7bb181ca14dc874739cc13849c2d015c9b8be65a17fa19590e7a470c8e071 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | 473e28830bd7d08bacce6a641d86153bb7a11574 | Conti Ransomware | 2022-05-22
FileHash-MD5 | 07c805af5a18ca017be3bd849273fd24 | Conti Ransomware | 2022-05-22
FileHash-SHA256 | 34b223e6593efe3ce49d203de01d8cb501524ef445a3f735bb17850d875266d7 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | fff51a99be3c60dbecbcdef92d1f57d180bf5672 | Conti Ransomware | 2022-05-22
FileHash-MD5 | 44a9346496911307cda7480a340039af | Conti Ransomware | 2022-05-22
FileHash-SHA256 | 992c4f7a005566abed8e1a419c9fb6af16c617bdaa3e1605cb69fda5f8a789a3 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | 15329bea37ef2f759beaa5e2465bf27ed30c4f69 | Conti Ransomware | 2022-05-22
FileHash-MD5 | cd1d39cd2719b0bf4f6022665b59ce5f | Conti Ransomware | 2022-05-22
FileHash-SHA256 | 29d9613a1668a93d813d662b5ef5e282ac81acddc6b4d9e0a2157c84b74c85f6 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | 5d0ca18052ba178bb9c907d73d7e0016ddc5aeea | Conti Ransomware | 2022-05-22
FileHash-MD5 | 0df0bbe98e2f9502362d8e4e20dc3251 | Conti Ransomware | 2022-05-22
FileHash-SHA256 | 799fa73ddf4a98d0d71f213c3a70675af3ac42db0531f5d2e4ae7c81256a4549 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | bed42081aac6e6e4010f64a1e397fa0cb92b57d7 | Conti Ransomware | 2022-05-22
FileHash-MD5 | 958a6a2237fcf5cd9d64f9dd3cd8c45f | Conti Ransomware | 2022-05-22
FileHash-SHA256 | 66e66cd3ec6f39b483ed7b48ca02a6a4917129f62f800c6033c4f78f2f9282f5 | Conti Ransomware | 2022-05-22
FileHash-SHA1 | 6263f5c1ec3dd4f85bfddf2b8dcaae2619272ff7 | Conti Ransomware | 2022-05-22
FileHash-MD5 | b50feea60b2caf7b4566b5c12f1d8cd7 | Conti Ransomware | 2022-05-22
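The pulse gives the indicators in a flat "TYPE INDICATOR DESCRIPTION CREATED" layout; the hash rows appear to come in SHA256/SHA1/MD5 triplets, each triplet presumably describing one Conti sample (an inference from the ordering, not something the pulse states). The script below is an added example, not PRODAFT's or AlienVault's code: it parses rows in that layout, looks up file digests by length-derived algorithm, hashes a file with all three algorithms in one pass, and checks DNS query log lines for the two "Intrusion Servers" domains with a suffix match so that a lookalike such as notxeyaze.com is not reported. Only the two domains and the first hash triplet are embedded; the remaining 21 rows follow the same layout and can be appended to PULSE_ROWS. The BIND-style DNS log lines are constructed for the example.

```python
"""Match indicators from the PRODAFT WizardSpider pulse against local data.

Added example, not part of the pulse. The IOC rows below are copied from
the pulse table; the DNS log lines are constructed so the script runs offline.
"""
import hashlib
import re

# Pulse rows in the flat "TYPE INDICATOR DESCRIPTION CREATED" layout.
# Only the domains and the first Conti hash triplet are embedded here.
PULSE_ROWS = """
domain xeyaze.com Intrusion Servers 2022-05-22
domain cupertinosmile.com Intrusion Servers 2022-05-22
FileHash-SHA256 4fc1d216bc0c511f652fa5cff64628adf7dd7ad372b66403521ae1b8afaa3d1d Conti Ransomware 2022-05-22
FileHash-SHA1 fff914f4c10a666a0113fb24ca4221cb2b951a39 Conti Ransomware 2022-05-22
FileHash-MD5 42b2201b3dcdec3c3c47bd3111865fbd Conti Ransomware 2022-05-22
"""

# Non-greedy description so multi-word descriptions survive; the date anchors the end.
ROW_RE = re.compile(r"^(?P<type>\S+)\s+(?P<value>\S+)\s+(?P<desc>.+?)\s+(?P<created>\d{4}-\d{2}-\d{2})$")

# Hex digest length -> pulse indicator type.
HASH_LEN = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}


def parse_pulse(text):
    """Return {ioc_type: {value: description}}; values are lower-cased for matching."""
    iocs = {}
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable IOC row: {line!r}")
        iocs.setdefault(m["type"], {})[m["value"].lower()] = m["desc"]
    return iocs


IOCS = parse_pulse(PULSE_ROWS)


def match_hash(hexdigest):
    """Look a digest up in the table for its algorithm; returns (type, description) or None."""
    h = hexdigest.strip().lower()
    ioc_type = HASH_LEN.get(len(h))
    if ioc_type is None or not re.fullmatch(r"[0-9a-f]+", h):
        return None
    desc = IOCS.get(ioc_type, {}).get(h)
    return (ioc_type, desc) if desc else None


def hash_file(path):
    """One pass over the file computing MD5, SHA-1 and SHA-256 (all three appear in the pulse)."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_file(path):
    """Return the first pulse hit for a file on disk, or None."""
    for digest in hash_file(path).values():
        hit = match_hash(digest)
        if hit:
            return hit
    return None


def match_domain(name):
    """Exact or subdomain match against pulse domains; substring lookalikes do not match."""
    name = name.rstrip(".").lower()
    for ioc in IOCS.get("domain", {}):
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


# Constructed BIND-style query log lines (not real telemetry).
DNS_LOG = """\
22-May-2022 10:14:03.112 client 10.0.0.25#51234: query: xeyaze.com IN A + (10.0.0.1)
22-May-2022 10:14:05.900 client 10.0.0.25#51240: query: notxeyaze.com IN A + (10.0.0.1)
22-May-2022 10:15:17.004 client 10.0.0.31#44001: query: api.cupertinosmile.com IN A + (10.0.0.1)
22-May-2022 10:16:42.318 client 10.0.0.25#51301: query: example.org IN AAAA + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")


def scan_dns_log(text):
    """Return [(client_ip, queried_name, matched_ioc)] for lines that hit a pulse domain."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m and (ioc := match_domain(m["qname"])):
            hits.append((m["client"], m["qname"], ioc))
    return hits


if __name__ == "__main__":
    print(f"loaded {sum(len(v) for v in IOCS.values())} indicators")
    for client, qname, ioc in scan_dns_log(DNS_LOG):
        print(f"DNS hit: {client} queried {qname} (pulse domain {ioc})")
    print(match_hash("4FC1D216BC0C511F652FA5CFF64628ADF7DD7AD372B66403521AE1B8AFAA3D1D"))
```

Digests are matched by length rather than by the row's type label so a hash copied from any tool output can be checked without first knowing its algorithm; for bulk scanning, point scan_file at the paths you want to check and feed your resolver's query log to scan_dns_log.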