← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
AWS.DEV | Ransom REevil | MaaS -Mirai , Makop , Sodinokibi | 6.13.25 Appears ti be ongoing
WHITE Q.Vashti 2026-05-13 Modified: 2026-05-13
516
IOCs
HIGH VOLUME
filehashmd5filehashsha1showingcopyrightlevelbluepacker entropype featurespe unknownresource nameallocates rwxnetwork icmpantivm networkexe nolookupproxy wpaddead hosttoolsgenericdeletes selfransomevaderactivelearnck idname tacticssuspiciousinformativeinstallsadversarieswindowsmodulesregistrypersistenceexecutionserviceunitedpathflagdateaccess typegermany germanycreatehttp headertcp trafficet infoentropyhybridmaliciousgeneralclickstringsinjectremoteencrypt filespythonglobalwin32 exepe32intelms windowswin32 dynamiclink librarywin16 neicons libraryos2 executablepe32 compileroverlaydatape32 executableborland delphidelphi genericmd5 codeempty hashfile typesuccessregopenkeyexwregopenkeyexahkeycurrentuservirtualallocexcreatefilewgenericreadhkeyclassesrootgenericwriteregsetvalueexwdesktopwebviewmirairusssian datareevilmoney docgmt flagserverunited kingdomfrance franceukraine ukrainellc nameviet namshowcvebad trafficfalseerrortagsipv4url httpsurl httpsearchtype indicatorrole titleadded activerelated pulsesentriesmonitortargetmembersmaasattackmitre att
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Ransom:Win32/Makop.PA!MTB Trojan/Win32.BlueCrab.R331768 Trojan.Ransom.Sodinokibi Emotet Virus.Neshta Mirai RANSOM_REvil Labeled as: Ransom.Sodinokibi.Generic
Indicators of Compromise (36 / 516 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL CVE domain hostname
TYPEINDICATORDESCRIPTIONCREATED
hostname ds.nordicgames.at 2026-05-13
hostname ns1.ukraine.com.ua 2026-05-13
hostname www.beaconhealthsystem.org 2026-05-13
hostname www.carrybrands.nl 2026-05-13
hostname www.filmaka.us 2026-05-13
hostname www.frequency.fr 2026-05-13
hostname www.hwfsweden.se 2026-05-13
hostname www.mlab.org.ua 2026-05-13
hostname www.naturstein-hotte.de 2026-05-13
hostname www.praktikum-china.de 2026-05-13
hostname www.sweering.fr 2026-05-13
hostname www.zimmerei-fl.de 2026-05-13
hostname www1.proresult.no 2026-05-13
hostname bayan.ns.cloudflare.com 2026-05-13
hostname lee.ns.cloudflare.com 2026-05-13
hostname ns01.one.com 2026-05-13
hostname ns1.digitalocean.com 2026-05-13
hostname ns43.domaincontrol.com 2026-05-13
hostname ns67.worldnic.com 2026-05-13
hostname ouryoungminds.wordpress.com 2026-05-13
hostname steamlcommunity.ru.com 2026-05-13
hostname 22deploy-delete-app-eu-west-1-0.deploy-delete-test-eu-west-1-oigwi9v.us-east-1.forgeapps.ec2.aws.dev 2026-05-13
hostname aisux.aws.dev 2026-05-13
hostname alex.aws.dev 2026-05-13
hostname askjarvis.aws.dev 2026-05-13
hostname atrium.aws.dev 2026-05-13
hostname automated-runbooks.aws.dev 2026-05-13
hostname 250amembers.dirtsearch.org 2026-05-13
hostname 252fwww.dirtsearch.org 2026-05-13
hostname dashboard.dirtsearch.org 2026-05-13
hostname ds1.dirtsearch.org 2026-05-13
hostname filter.dirtytoes.com 2026-05-13
hostname free.dirtytoes.com 2026-05-13
hostname members.dirtsearch.org 2026-05-13
hostname www.dirtsearch.org 2026-05-13
hostname www.user.dirtytoes.com 2026-05-13
References (9)
↗ RANSOM_REvil - https://www.nextron-systems.com/notes-on-virustotal-matches/ ↗ YARA: Matches rule MAL_RANSOM_REvil_Oct20_1 from ruleset crime_ransom_revil by Florian Roth (Nextron Systems) ↗ YARA: Matches rule Windows_Ransomware_Sodinokibi_83f05fbe from ruleset Windows_Ransomware_Sodinokibi by Elastic Security ↗ YARA: Matches rule win_revil_auto from ruleset win.revil_auto by Felix Bilstein - yara-signator at cocacoding dot com ↗ https://otx.alienvault.com/malware/Ransom:Win32/Makop/ ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ Permissions requested: SE_DEBUG_PRIVILEGE SE_LOAD_DRIVER_PRIVILEGE ↗ Behaviour: Extract file to system directory