PULSE NAME
PlutoCrypt - A CryptoJoker Ransomware Variant - 0xToxin Labs
WHITE jeffchandy 2023-04-17 Modified: 2023-04-17
In a series of blog posts, 0xToxin Labs breaks down a variant of the CryptoJoker ransomware, which is designed to hold victims to ransom and demands that they hand over sensitive data.
Indicators of Compromise (23)