{ "type": "MD5", "indicator": "28dae07573fecee2b28137205f8d9a98", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "28dae07573fecee2b28137205f8d9a98", "validation": [], "base_indicator": { "id": 3411, "indicator": "28dae07573fecee2b28137205f8d9a98", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "5525528e13432a055e241313", "name": "KRIPTOVOR: Infostealer Ransomware", "description": "", "modified": "2015-07-29T17:38:53.801000", "created": "2015-04-08T16:08:46.955000", "tags": [ "Ransomware", "Infostealer" ], "references": [ "https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "URL": 13, "email": 8, "FileHash-MD5": 62, "Mutex": 6 }, "indicator_count": 94, "is_author": false, "is_subscribing": null, "subscriber_count": 376780, "modified_text": "3912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65707cd9a34bf593b37c355a", "name": "yarex_vx-underground", "description": "", "modified": "2023-12-06T13:53:29.793000", "created": "2023-12-06T13:53:29.793000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3714, "FileHash-MD5": 10234, "hostname": 55, "FileHash-SHA1": 3714, "domain": 42, "YARA": 112, "URL": 88, "email": 12 }, "indicator_count": 17971, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "860 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "61ea34c6808f9758bc050bdf", "name": "yarex_vx-underground", "description": "yarex/vx-underground\n\nhttps://github.com/resteex0/yarex", "modified": "2022-02-20T00:05:37.403000", "created": "2022-01-21T04:21:26.478000", "tags": [ "vx_underground2_shinolocker", "compat", "yara rule", "set author", "identifier", "rule set", "group", "acenqvzzceiow", "yvvsrpmljigecb", "hhjhlln", "pprpttvpxxzx", "nblockuse", "dbcsbuffer", "clsid", "chartable", "callout", "rcscript", "wow64", "inprocserver32", "device", "getmodel", "ctokenbase", "ueba", "pchunter", "wl5pllp", "l56a21wl5", "bdglp", "mao5dpswl5", "rule", "cryptopp", "concurrency", "window position", "floating", "oici", "beilosvy", "ole automation", "typeapplication", "hmaf", "pfvfkcrbi", "jnvxyc", "ycmazdnb", "myob", "moon", "fnrtvx85p", "otherfilezilla", "storageleveldb", "left", "right", "mssqlfdlauncher", "profxengagement", "sbsmonitoring", "sharepoint", "systembgc", "gettags", "findallcore", "getenumerator", "createchildren", "dropdownglyph", "xfnpzpwm1", "publickey", "flatedecode", "accd", "xwys", "olceofgigjclm", "zzyuqrst", "ccomcoclass", "vcperfbar", "clsidperfbar", "b8b4b0b", "e11e", "ajijqjnajij", "pluginshortname", "progid", "setnodevalue", "null", "brfighter", "imesentencemode", "winnt", "static", "init", "contacto", "ppaa", "lkkdpvvyk", "fxhqsosrrw", "fcgttgu", "namespace3http", "cbdbeb", "darkgreen", "ausername", "ryfagccx", "systemfolder", "powershell", "updateprogress", "ueaaxhh", "programs", "ekndxkijjubn", "ety4ev2", "mws11sr", "vwwm6m3sv6n", "ktmp", "see http", "voisrtjiosd", "vrotumvolitg", "40432", "imowwwg", "hyperlink http", "a80do68ncfmhg", "clmpprev", "dimpprev", "enmpprev", "enmpstop", "dwdscrange1", "abbschevis", "timestamp", "cottleakela", "installer", "lastcpu", "abcbc", "adddedededefg", "oqsuwy", "acegikmprtvxz", "bcfghklpstuwx", "o3o5o7o9o", "yy0y3y5y6y", "ycyfyrysyyy", "zlib", "makemirror", "decimal", "word", "asiasamarkand", "direct", "cgpointdd", "currentreq", "base", "cgrect", "cgsizedd", "ljavalangstring", "installeragent", "blockinvoke", "appdelegate", "finishmsg", "djdea", "aomkjinl1", "zyvffbe", "eefhibcliff", "programfiles", "ainfbf", "qxyl", "dhldtdbcagmst", "oktxtdtrsqw", "adope player", "nodeset", "abijopqruvyz", "attribute", "instnop", "atomicinc", "y61y", "system", "generics", "collections", "classes", "controls", "graphics", "tlisthelper", "types", "winapi", "forms", "write", "insert", "getclass", "first", "next", "copy", "keepalive", "find", "error", "comp", "capturecallback", "statecallback", "innerlayout", "filesexcalibur", "http", "iaomaomark1", "wandevice1", "itkgroih", "dggcmpxzm", "mzmz", "eeizqafngzeiagf", "radioitem", "oiaooim", "formatul", "2izvpg", "linkid316963", "linkid316964", "linkid316967", "edqppoyx", "tvalue", "antimalware", "programdata", "stringfileinfo", "y1y01y2y1y", "class", "oniowrite", "wsasend", "allocate", "datadefault", "startiocpserver", "changeicon", "username", "ihjhkhlhmh", "azaz09", "windowssystem32", "windows", "dvfa", "kwloyj", "windir", "dosdevicesc", "rlkajrv", "qwla", "ghgpgxg", "searchterms", "bonjo", "closehandle", "iixitipilihidi", "iixipihi", "i8i0i", "01236575988", "qasctdufzh", "kmndresnxzy", "edfdsrwv", "zmtdw", "dqax45ogfmwrp", "t125jhba", "wuy0859lnru", "r5jhpa", "fabdwkmnnlekf", "sha512", "keyid", "chromiumuser", "slimjetuser", "clmpstop", "acedeceiver", "launch", "file2dev", "filemgr", "qaehaav", "agenttesla", "data source", "amavaldo", "amavaldo group", "submitnextfile", "aname", "aparam", "iwtop", "path", "vendorlib", "ljavalangstr", "androidpsiphone", "google play", "cffww", "androidxavier", "agnrzz", "ywspkg", "feimkjijhd", "01569", "beda", "noon", "andromeda", "andromeda group", "asyncrat", "asyncrat group", "ursa", "vsha1", "tfss", "upkcs1v15", "clonableimpl", "algorithmimpl", "iteratedhash", "enumtotype", "w4byteorder", "atomsilo", "data", "state", "avemaria", "avemaria group", "server", "serveraddins", "redirector", "azorult", "azorult group" ], "references": [ "Azorult.yar", "Ave Maria.yar", "AtomSilo.yar", "AsyncRAT.yar", "Andromeda.yar", "Android.Xavier.yar", "Android.Psiphone.yar", "Android.Hummingbad.yar", "Amavaldo.yar", "AgentTesla.yar", "AceDeceiver.yar", "Zumanek.yar", "Zeus.yar", "YanluowangRansomware.yar", "XFilesStealer.yar", "Werdlod.yar", "Virlock.yar", "Vermin.yar", "Valyria.yar", "TrickGate.yar", "Tor2Mine.yar", "Tinba.yar", "TeslaCrypt.yar", "Stegoloader.yar", "Stantinko.yar", "SnakeKeylogger.yar", "SmokeLoader.yar", "SkypeWorm.yar", "Skype Worm.yar", "Siloscape.yar", "ShinoLocker.yar", "ShimRAT.yar", "Shell Crew.yar", "Sanya.yar", "Samsam Ransomware.yar", "Sakula.yar", "RokRAT.yar", "Remcos.yar", "RedLine.yar", "Reaver.yar", "Razy.yar", "RawPOS.yar", "Ramdo.yar", "RaccoonStealer.yar", "QuasarRAT.yar", "Pysa.yar", "Pushdo.yar", "Punkey.yar", "ProjectSauron.yar", "Powersniff.yar", "Poseidon.yar", "Pony.yar", "PlugX.yar", "PlatinumGroup.yar", "PIVY.yar", "Phorpiex.yar", "Pegasus.yar", "PassCV.yar", "Oscorp.yar", "Ohagi.yar", "NvRendererMiner.yar", "Numando.yar", "NjRat.yar", "NitlovePOS.yar", "NetWire RAT.yar", "NetFilter.yar", "Necro.yar", "Nanocore.yar", "Nanhaishu.yar", "MosesStaff.yar", "Molerats.yar", "MNKit.yar", "Mirai.yar", "Medusa Locker.yar", "MassLogger.yar", "Magnat.yar", "MacOS.Zuru.yar", "MacOS.XCSSET.yar", "MacOS.Tarmac.yar", "MacOS.Shlayer.yar", "MacOS.Pirrit.yar", "MacOS.Macma.yar", "MacOS.LaoShu.yar", "MacOS.Kitm.yar", "MacOS.KeRanger.yar", "MacOS.Dummy.yar", "MacOS.Convuster.yar", "MacOS.Cointicker.yar", "MacOS.Calisto.yar", "MacOS.BirdMiner.yar", "MacOS.AdLoad.yar", "Lokibot.yar", "Loda RAT.yar", "Locky Ransomware.yar", "LockerGoga.yar", "Linux.Spike.yar", "LeetMX.yar", "Kriptovor.yar", "KRBanker.yar", "Keybase.yar", "Jupyter.yar", "JSocket.yar", "ImminentMonitor.yar", "HawkEye Keylogger.yar", "HaronRansomware.yar", "GuLoader.yar", "GriftHorse.yar", "Grief.yar", "GoSearch.yar", "Glupteba.yar", "GlobeImposterRansomware.yar", "Gauss.yar", "FritzFrog.yar", "FormBook.yar", "Filmkan.yar", "FighterPOS.yar", "Fareit.yar", "FakeDivX.yar", "Exaramel.yar", "Escelar.yar", "Emotet.yar", "Emdivi.yar", "Elirks.yar", "Dyre.yar", "DnSpyTrojan.yar", "Djvu.yar", "DiavolRansomware.yar", "DecafRansomware.yar", "DearCry Ransomware.yar", "DCRat.yar", "Daserf.yar", "DarkVNC.yar", "Darkside.yar", "DanaBot.yar", "CVE-2017-11882.yar", "CVE-2017-10271.yar", "Curator Ransomware.yar", "CubaRansomware.yar", "CryptoFortress.yar", "CryptBot.yar", "Conti.yar", "Coinvault.yar", "CobaltStrike.yar", "Cobalt Strike.yar", "Clownic Ransomware.yar", "Chapak.yar", "CertBreaker.yar", "CerberRansomware.yar", "BotenaGo.yar", "Blackhole EK.yar", "Bizarro.yar", "BitRAT.yar", "Bedep.yar", "BasBanke.yar", "Bartalex.yar", "Banload.yar", "BandarChor Ransomware.yar", "Babuk.yar", "Babadeda.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "vx_underground2_ShinoLocker", "display_name": "vx_underground2_ShinoLocker", "target": null }, { "id": "Compat", "display_name": "Compat", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1024", "name": "Custom Cryptographic Protocol", "display_name": "T1024 - Custom Cryptographic Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "resteex0", "id": "175858", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10234, "FileHash-SHA1": 3714, "FileHash-SHA256": 3714, "YARA": 151, "domain": 42, "hostname": 55, "URL": 88, "email": 12 }, "indicator_count": 18010, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1515 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "GlobeImposterRansomware.yar", "DecafRansomware.yar", "MacOS.XCSSET.yar", "Sakula.yar", "MacOS.AdLoad.yar", "Banload.yar", "MacOS.BirdMiner.yar", "FritzFrog.yar", "JSocket.yar", "QuasarRAT.yar", "GoSearch.yar", "MacOS.KeRanger.yar", "Curator Ransomware.yar", "Skype Worm.yar", "FormBook.yar", "Razy.yar", "MacOS.Shlayer.yar", "SkypeWorm.yar", "Siloscape.yar", "MacOS.Dummy.yar", "NjRat.yar", "Molerats.yar", "XFilesStealer.yar", "Ave Maria.yar", "GriftHorse.yar", "ShinoLocker.yar", "Magnat.yar", "Amavaldo.yar", "Reaver.yar", "Babadeda.yar", "CVE-2017-11882.yar", "Ohagi.yar", "Azorult.yar", "https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html", "Gauss.yar", "Daserf.yar", "SmokeLoader.yar", "Oscorp.yar", "PlugX.yar", "ImminentMonitor.yar", "Grief.yar", "Bartalex.yar", "TeslaCrypt.yar", "Stegoloader.yar", "Nanocore.yar", "MacOS.Macma.yar", "Djvu.yar", "Jupyter.yar", "Coinvault.yar", "MacOS.Tarmac.yar", "AceDeceiver.yar", "TrickGate.yar", "NetWire RAT.yar", "Blackhole EK.yar", "Medusa Locker.yar", "Valyria.yar", "Exaramel.yar", "Pysa.yar", "Tor2Mine.yar", "Shell Crew.yar", "Werdlod.yar", "AtomSilo.yar", "MassLogger.yar", "Locky Ransomware.yar", "PassCV.yar", "Filmkan.yar", "CVE-2017-10271.yar", "PIVY.yar", "CerberRansomware.yar", "Loda RAT.yar", "Stantinko.yar", "RaccoonStealer.yar", "BasBanke.yar", "Chapak.yar", "Dyre.yar", "Cobalt Strike.yar", "DearCry Ransomware.yar", "ShimRAT.yar", "MacOS.LaoShu.yar", "Glupteba.yar", "LockerGoga.yar", "CubaRansomware.yar", "Linux.Spike.yar", "Necro.yar", "RawPOS.yar", "MacOS.Convuster.yar", "BitRAT.yar", "Android.Xavier.yar", "AgentTesla.yar", "NitlovePOS.yar", "Keybase.yar", "DCRat.yar", "FakeDivX.yar", "MosesStaff.yar", "Clownic Ransomware.yar", "Zeus.yar", "Fareit.yar", "Bizarro.yar", "Darkside.yar", "NvRendererMiner.yar", "Numando.yar", "BandarChor Ransomware.yar", "Vermin.yar", "Samsam Ransomware.yar", "MacOS.Kitm.yar", "MacOS.Zuru.yar", "AsyncRAT.yar", "NetFilter.yar", "Sanya.yar", "Kriptovor.yar", "MacOS.Calisto.yar", "SnakeKeylogger.yar", "CobaltStrike.yar", "Phorpiex.yar", "DarkVNC.yar", "GuLoader.yar", "Babuk.yar", "Pegasus.yar", "YanluowangRansomware.yar", "Remcos.yar", "CryptBot.yar", "Andromeda.yar", "Mirai.yar", "RokRAT.yar", "Pushdo.yar", "BotenaGo.yar", "LeetMX.yar", "Poseidon.yar", "MNKit.yar", "Emotet.yar", "KRBanker.yar", "FighterPOS.yar", "HawkEye Keylogger.yar", "Punkey.yar", "ProjectSauron.yar", "MacOS.Cointicker.yar", "Powersniff.yar", "DnSpyTrojan.yar", "CryptoFortress.yar", "Lokibot.yar", "Emdivi.yar", "DanaBot.yar", "Elirks.yar", "MacOS.Pirrit.yar", "Virlock.yar", "Pony.yar", "Escelar.yar", "Ramdo.yar", "PlatinumGroup.yar", "Zumanek.yar", "HaronRansomware.yar", "Nanhaishu.yar", "Android.Psiphone.yar", "Android.Hummingbad.yar", "Bedep.yar", "DiavolRansomware.yar", "Conti.yar", "RedLine.yar", "Tinba.yar", "CertBreaker.yar" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Compat", "Vx_underground2_shinolocker" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "5525528e13432a055e241313", "name": "KRIPTOVOR: Infostealer Ransomware", "description": "", "modified": "2015-07-29T17:38:53.801000", "created": "2015-04-08T16:08:46.955000", "tags": [ "Ransomware", "Infostealer" ], "references": [ "https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 5, "URL": 13, "email": 8, "FileHash-MD5": 62, "Mutex": 6 }, "indicator_count": 94, "is_author": false, "is_subscribing": null, "subscriber_count": 376780, "modified_text": "3912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65707cd9a34bf593b37c355a", "name": "yarex_vx-underground", "description": "", "modified": "2023-12-06T13:53:29.793000", "created": "2023-12-06T13:53:29.793000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3714, "FileHash-MD5": 10234, "hostname": 55, "FileHash-SHA1": 3714, "domain": 42, "YARA": 112, "URL": 88, "email": 12 }, "indicator_count": 17971, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "860 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "61ea34c6808f9758bc050bdf", "name": "yarex_vx-underground", "description": "yarex/vx-underground\n\nhttps://github.com/resteex0/yarex", "modified": "2022-02-20T00:05:37.403000", "created": "2022-01-21T04:21:26.478000", "tags": [ "vx_underground2_shinolocker", "compat", "yara rule", "set author", "identifier", "rule set", "group", "acenqvzzceiow", "yvvsrpmljigecb", "hhjhlln", "pprpttvpxxzx", "nblockuse", "dbcsbuffer", "clsid", "chartable", "callout", "rcscript", "wow64", "inprocserver32", "device", "getmodel", "ctokenbase", "ueba", "pchunter", "wl5pllp", "l56a21wl5", "bdglp", "mao5dpswl5", "rule", "cryptopp", "concurrency", "window position", "floating", "oici", "beilosvy", "ole automation", "typeapplication", "hmaf", "pfvfkcrbi", "jnvxyc", "ycmazdnb", "myob", "moon", "fnrtvx85p", "otherfilezilla", "storageleveldb", "left", "right", "mssqlfdlauncher", "profxengagement", "sbsmonitoring", "sharepoint", "systembgc", "gettags", "findallcore", "getenumerator", "createchildren", "dropdownglyph", "xfnpzpwm1", "publickey", "flatedecode", "accd", "xwys", "olceofgigjclm", "zzyuqrst", "ccomcoclass", "vcperfbar", "clsidperfbar", "b8b4b0b", "e11e", "ajijqjnajij", "pluginshortname", "progid", "setnodevalue", "null", "brfighter", "imesentencemode", "winnt", "static", "init", "contacto", "ppaa", "lkkdpvvyk", "fxhqsosrrw", "fcgttgu", "namespace3http", "cbdbeb", "darkgreen", "ausername", "ryfagccx", "systemfolder", "powershell", "updateprogress", "ueaaxhh", "programs", "ekndxkijjubn", "ety4ev2", "mws11sr", "vwwm6m3sv6n", "ktmp", "see http", "voisrtjiosd", "vrotumvolitg", "40432", "imowwwg", "hyperlink http", "a80do68ncfmhg", "clmpprev", "dimpprev", "enmpprev", "enmpstop", "dwdscrange1", "abbschevis", "timestamp", "cottleakela", "installer", "lastcpu", "abcbc", "adddedededefg", "oqsuwy", "acegikmprtvxz", "bcfghklpstuwx", "o3o5o7o9o", "yy0y3y5y6y", "ycyfyrysyyy", "zlib", "makemirror", "decimal", "word", "asiasamarkand", "direct", "cgpointdd", "currentreq", "base", "cgrect", "cgsizedd", "ljavalangstring", "installeragent", "blockinvoke", "appdelegate", "finishmsg", "djdea", "aomkjinl1", "zyvffbe", "eefhibcliff", "programfiles", "ainfbf", "qxyl", "dhldtdbcagmst", "oktxtdtrsqw", "adope player", "nodeset", "abijopqruvyz", "attribute", "instnop", "atomicinc", "y61y", "system", "generics", "collections", "classes", "controls", "graphics", "tlisthelper", "types", "winapi", "forms", "write", "insert", "getclass", "first", "next", "copy", "keepalive", "find", "error", "comp", "capturecallback", "statecallback", "innerlayout", "filesexcalibur", "http", "iaomaomark1", "wandevice1", "itkgroih", "dggcmpxzm", "mzmz", "eeizqafngzeiagf", "radioitem", "oiaooim", "formatul", "2izvpg", "linkid316963", "linkid316964", "linkid316967", "edqppoyx", "tvalue", "antimalware", "programdata", "stringfileinfo", "y1y01y2y1y", "class", "oniowrite", "wsasend", "allocate", "datadefault", "startiocpserver", "changeicon", "username", "ihjhkhlhmh", "azaz09", "windowssystem32", "windows", "dvfa", "kwloyj", "windir", "dosdevicesc", "rlkajrv", "qwla", "ghgpgxg", "searchterms", "bonjo", "closehandle", "iixitipilihidi", "iixipihi", "i8i0i", "01236575988", "qasctdufzh", "kmndresnxzy", "edfdsrwv", "zmtdw", "dqax45ogfmwrp", "t125jhba", "wuy0859lnru", "r5jhpa", "fabdwkmnnlekf", "sha512", "keyid", "chromiumuser", "slimjetuser", "clmpstop", "acedeceiver", "launch", "file2dev", "filemgr", "qaehaav", "agenttesla", "data source", "amavaldo", "amavaldo group", "submitnextfile", "aname", "aparam", "iwtop", "path", "vendorlib", "ljavalangstr", "androidpsiphone", "google play", "cffww", "androidxavier", "agnrzz", "ywspkg", "feimkjijhd", "01569", "beda", "noon", "andromeda", "andromeda group", "asyncrat", "asyncrat group", "ursa", "vsha1", "tfss", "upkcs1v15", "clonableimpl", "algorithmimpl", "iteratedhash", "enumtotype", "w4byteorder", "atomsilo", "data", "state", "avemaria", "avemaria group", "server", "serveraddins", "redirector", "azorult", "azorult group" ], "references": [ "Azorult.yar", "Ave Maria.yar", "AtomSilo.yar", "AsyncRAT.yar", "Andromeda.yar", "Android.Xavier.yar", "Android.Psiphone.yar", "Android.Hummingbad.yar", "Amavaldo.yar", "AgentTesla.yar", "AceDeceiver.yar", "Zumanek.yar", "Zeus.yar", "YanluowangRansomware.yar", "XFilesStealer.yar", "Werdlod.yar", "Virlock.yar", "Vermin.yar", "Valyria.yar", "TrickGate.yar", "Tor2Mine.yar", "Tinba.yar", "TeslaCrypt.yar", "Stegoloader.yar", "Stantinko.yar", "SnakeKeylogger.yar", "SmokeLoader.yar", "SkypeWorm.yar", "Skype Worm.yar", "Siloscape.yar", "ShinoLocker.yar", "ShimRAT.yar", "Shell Crew.yar", "Sanya.yar", "Samsam Ransomware.yar", "Sakula.yar", "RokRAT.yar", "Remcos.yar", "RedLine.yar", "Reaver.yar", "Razy.yar", "RawPOS.yar", "Ramdo.yar", "RaccoonStealer.yar", "QuasarRAT.yar", "Pysa.yar", "Pushdo.yar", "Punkey.yar", "ProjectSauron.yar", "Powersniff.yar", "Poseidon.yar", "Pony.yar", "PlugX.yar", "PlatinumGroup.yar", "PIVY.yar", "Phorpiex.yar", "Pegasus.yar", "PassCV.yar", "Oscorp.yar", "Ohagi.yar", "NvRendererMiner.yar", "Numando.yar", "NjRat.yar", "NitlovePOS.yar", "NetWire RAT.yar", "NetFilter.yar", "Necro.yar", "Nanocore.yar", "Nanhaishu.yar", "MosesStaff.yar", "Molerats.yar", "MNKit.yar", "Mirai.yar", "Medusa Locker.yar", "MassLogger.yar", "Magnat.yar", "MacOS.Zuru.yar", "MacOS.XCSSET.yar", "MacOS.Tarmac.yar", "MacOS.Shlayer.yar", "MacOS.Pirrit.yar", "MacOS.Macma.yar", "MacOS.LaoShu.yar", "MacOS.Kitm.yar", "MacOS.KeRanger.yar", "MacOS.Dummy.yar", "MacOS.Convuster.yar", "MacOS.Cointicker.yar", "MacOS.Calisto.yar", "MacOS.BirdMiner.yar", "MacOS.AdLoad.yar", "Lokibot.yar", "Loda RAT.yar", "Locky Ransomware.yar", "LockerGoga.yar", "Linux.Spike.yar", "LeetMX.yar", "Kriptovor.yar", "KRBanker.yar", "Keybase.yar", "Jupyter.yar", "JSocket.yar", "ImminentMonitor.yar", "HawkEye Keylogger.yar", "HaronRansomware.yar", "GuLoader.yar", "GriftHorse.yar", "Grief.yar", "GoSearch.yar", "Glupteba.yar", "GlobeImposterRansomware.yar", "Gauss.yar", "FritzFrog.yar", "FormBook.yar", "Filmkan.yar", "FighterPOS.yar", "Fareit.yar", "FakeDivX.yar", "Exaramel.yar", "Escelar.yar", "Emotet.yar", "Emdivi.yar", "Elirks.yar", "Dyre.yar", "DnSpyTrojan.yar", "Djvu.yar", "DiavolRansomware.yar", "DecafRansomware.yar", "DearCry Ransomware.yar", "DCRat.yar", "Daserf.yar", "DarkVNC.yar", "Darkside.yar", "DanaBot.yar", "CVE-2017-11882.yar", "CVE-2017-10271.yar", "Curator Ransomware.yar", "CubaRansomware.yar", "CryptoFortress.yar", "CryptBot.yar", "Conti.yar", "Coinvault.yar", "CobaltStrike.yar", "Cobalt Strike.yar", "Clownic Ransomware.yar", "Chapak.yar", "CertBreaker.yar", "CerberRansomware.yar", "BotenaGo.yar", "Blackhole EK.yar", "Bizarro.yar", "BitRAT.yar", "Bedep.yar", "BasBanke.yar", "Bartalex.yar", "Banload.yar", "BandarChor Ransomware.yar", "Babuk.yar", "Babadeda.yar" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "vx_underground2_ShinoLocker", "display_name": "vx_underground2_ShinoLocker", "target": null }, { "id": "Compat", "display_name": "Compat", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1024", "name": "Custom Cryptographic Protocol", "display_name": "T1024 - Custom Cryptographic Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "resteex0", "id": "175858", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10234, "FileHash-SHA1": 3714, "FileHash-SHA256": 3714, "YARA": 151, "domain": 42, "hostname": 55, "URL": 88, "email": 12 }, "indicator_count": 18010, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1515 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "28dae07573fecee2b28137205f8d9a98", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "28dae07573fecee2b28137205f8d9a98", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776236120.2494924 }