PULSE NAME
Ransomware attack ConnectCare Alberta - 07.12.25
WHITE Disable_Duck 2025-07-15 Modified: 2025-08-14
2108 IOCs (HIGH VOLUME)
On 07.12.25 ConnectCare Alberta experienced what was initially thought to be an outage or downtime. Further analysis of data captured in real time reveals this not to be the case. Healthcare provider and patient services were disrupted across multiple zones in the Province of Alberta. Other organizations impacted include: The Government of Alberta, The Alberta NDP, The Alberta UCP, The University of Alberta, both Alberta Health Services & Covenant Health, Telus Communications, United Nurses of Alberta, Alberta Physicians Association, Treaty 8 FNA & Confederacy of Treaty Six, in addition to the City of Edmonton.
Indicators of Compromise (60 / 2108 total)