WizardSpider Group IOC
WHITE WIZARD SPIDER PRODAFT_ 2022-05-22 Modified: 2022-06-21
26 IOCs, MEDIUM VOLUME
These IOCs were released as part of our threat intelligence research on the WizardSpider Group. The PRODAFT Threat Intelligence team detected and gained visibility into WizardSpider’s ransomware infrastructure and analyzed its findings to gain insight into how the criminal operation works. The group is also known by the various malware variants it uses (Ryuk, Trickbot, and Conti, among others). It is a financially motivated cybercrime group first identified in 2017.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Conti Ransomware, Backdoor:Win64/Bazarloader, Backdoor:Win32/Bazarloader, SystemBC
Indicators of Compromise (8 / 26 total)