CloudSword Ransomware - IOC


1) Ransomware Name - CloudSword

2) Encrypted Extensions - NA

3) Ransom Note File - Warning警告.html

4) Encryption Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
***dw2dzfkwejxaskxr.onion.to
***renerenbit.com
***www.coinbase.com
103.208.86.18:80 - New Zealand
See the analysis results below.


8) File Details -
MD5 9b4ce929b851356ad3117109cc5cc719
SHA1 025035293fab465922df917a9dbaf6bc98ee3308
SHA256 3863e74c4140691871a382425e92795895f0f21edf0eaed7a62ba8c474ab2a02
ssdeep 1536:D3eVMZb2nIkq+Wtbe4f6HnRWJ1coJcpmN8E+zD390wCqDRc1eKuO5Ypd6JtWakNf:DeIzRXbe4+OBtaWbY
authentihash ab7db9e19270660ecad4e2922f8dd7be5e39d5d65190dbf6aeae395b69e84664
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 109.5 KB (112128 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly
