← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
AWS.DEV | Ransom REevil | MaaS -Mirai , Makop , Sodinokibi | 6.13.25 Appears ti be ongoing
WHITE Q.Vashti 2026-05-13 Modified: 2026-05-13
516
IOCs
HIGH VOLUME
filehashmd5filehashsha1showingcopyrightlevelbluepacker entropype featurespe unknownresource nameallocates rwxnetwork icmpantivm networkexe nolookupproxy wpaddead hosttoolsgenericdeletes selfransomevaderactivelearnck idname tacticssuspiciousinformativeinstallsadversarieswindowsmodulesregistrypersistenceexecutionserviceunitedpathflagdateaccess typegermany germanycreatehttp headertcp trafficet infoentropyhybridmaliciousgeneralclickstringsinjectremoteencrypt filespythonglobalwin32 exepe32intelms windowswin32 dynamiclink librarywin16 neicons libraryos2 executablepe32 compileroverlaydatape32 executableborland delphidelphi genericmd5 codeempty hashfile typesuccessregopenkeyexwregopenkeyexahkeycurrentuservirtualallocexcreatefilewgenericreadhkeyclassesrootgenericwriteregsetvalueexwdesktopwebviewmirairusssian datareevilmoney docgmt flagserverunited kingdomfrance franceukraine ukrainellc nameviet namshowcvebad trafficfalseerrortagsipv4url httpsurl httpsearchtype indicatorrole titleadded activerelated pulsesentriesmonitortargetmembersmaasattackmitre att
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Ransom:Win32/Makop.PA!MTB Trojan/Win32.BlueCrab.R331768 Trojan.Ransom.Sodinokibi Emotet Virus.Neshta Mirai RANSOM_REvil Labeled as: Ransom.Sodinokibi.Generic
Indicators of Compromise (102 / 516 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL CVE domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain 1kbk.com.ua 2026-05-13
domain 4lowin.com 2026-05-13
domain airsonett.se 2026-05-13
domain aprepol.com 2026-05-13
domain artallnightdc.com 2026-05-13
domain arte57.com.br 2026-05-13
domain assistlasvegas.com 2026-05-13
domain bargningavesta.se 2026-05-13
domain beaconhealthsystem.org 2026-05-13
domain beautychance.se 2026-05-13
domain bestbet.com 2026-05-13
domain better.town 2026-05-13
domain binder-buerotechnik.at 2026-05-13
domain boldcitydowntown.com 2026-05-13
domain boulderwelt-muenchen-west.de 2026-05-13
domain cafe-mariya.kz 2026-05-13
domain carlosja.com 2026-05-13
domain carrybrands.nl 2026-05-13
domain celeclub.org 2026-05-13
domain cleliaekiko.online 2026-05-13
domain commercialboatbuilding.com 2026-05-13
domain createachange.co.uk 2026-05-13
domain danubecloud.com 2026-05-13
domain dirittosanitario.biz 2026-05-13
domain dolcevita.kh.ua 2026-05-13
domain dublikator.com 2026-05-13
domain dubscollective.com 2026-05-13
domain effortlesspromo.com 2026-05-13
domain fisioterapiakaizen.com 2026-05-13
domain florianfeuerwehrmann.com 2026-05-13
domain formedlia.se 2026-05-13
domain forskolorna.org 2026-05-13
domain forward.com.ua 2026-05-13
domain frequency.fr 2026-05-13
domain furuspesialisten.com 2026-05-13
domain gamesboard.info 2026-05-13
domain gmto.fr 2026-05-13
domain go2l.ink 2026-05-13
domain hobbysamlaren.se 2026-05-13
domain hwfsweden.se 2026-05-13
domain insigniapmg.com 2026-05-13
domain kassadainteriors.co.uk 2026-05-13
domain kenhnoithatgo.com 2026-05-13
domain koko-nora.dk 2026-05-13
domain kyledata.de 2026-05-13
domain labelleflowers.co.uk 2026-05-13
domain latortueblanche.com 2026-05-13
domain leda-ukraine.com.ua 2026-05-13
domain lesfleursdugolfe.fr 2026-05-13
domain ligiercenter-sachsen.de 2026-05-13
domain lionware.de 2026-05-13
domain littlemarquis.be 2026-05-13
domain marathonerpaolo.com 2026-05-13
domain menuiseriepichon.fr 2026-05-13
domain mlab.org.ua 2026-05-13
domain moveonnews.com 2026-05-13
domain musictreehouse.net 2026-05-13
domain naturstein-hotte.de 2026-05-13
domain navyfederalautooverseas.com 2026-05-13
domain nsec.se 2026-05-13
domain nybingosajt.se 2026-05-13
domain oneplusresource.org 2026-05-13
domain projetlyonturin.fr 2026-05-13
domain qlcalendar.com 2026-05-13
domain rbktg.com 2026-05-13
domain readberserk.com 2026-05-13
domain renergysolution.com 2026-05-13
domain restorangnezdo.ru 2026-05-13
domain rissafety.com 2026-05-13
domain rksbusiness.com 2026-05-13
domain rollingrockcolumbia.com 2026-05-13
domain roygolden.com 2026-05-13
domain ruudhofstee.nl 2026-05-13
domain scenepublique.net 2026-05-13
domain schmalhorst.de 2026-05-13
domain selfoutlet.com 2026-05-13
domain servicegsm.net 2026-05-13
domain siluet-decor.ru 2026-05-13
domain simplecleanbeauty.com 2026-05-13
domain slankenett.no 2026-05-13
domain slashdb.com 2026-05-13
domain stoneys.ch 2026-05-13
domain storyline.no 2026-05-13
domain stupbratt.no 2026-05-13
domain surespark.org.uk 2026-05-13
domain sweering.fr 2026-05-13
domain theduke.de 2026-05-13
domain thekingsway.org 2026-05-13
domain transportesycementoshidalgo.es 2026-05-13
domain vorotauu.ru 2026-05-13
domain wari.com.pe 2026-05-13
domain wgsoft.de 2026-05-13
domain xn--fn-kka.no 2026-05-13
domain xn--thucmctc-13a1357egba.com 2026-05-13
domain zimmerei-fl.de 2026-05-13
domain nic.at 2026-05-13
domain s48.as 2026-05-13
domain svchost.com 2026-05-13
domain devilspen.com 2026-05-13
domain domains.amazon 2026-05-13
domain dirtsearch.org 2026-05-13
domain dirtytoes.com 2026-05-13
References (9)
↗ RANSOM_REvil - https://www.nextron-systems.com/notes-on-virustotal-matches/ ↗ YARA: Matches rule MAL_RANSOM_REvil_Oct20_1 from ruleset crime_ransom_revil by Florian Roth (Nextron Systems) ↗ YARA: Matches rule Windows_Ransomware_Sodinokibi_83f05fbe from ruleset Windows_Ransomware_Sodinokibi by Elastic Security ↗ YARA: Matches rule win_revil_auto from ruleset win.revil_auto by Felix Bilstein - yara-signator at cocacoding dot com ↗ https://otx.alienvault.com/malware/Ransom:Win32/Makop/ ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ Permissions requested: SE_DEBUG_PRIVILEGE SE_LOAD_DRIVER_PRIVILEGE ↗ Behaviour: Extract file to system directory