Tag: Cerber

Rig EK at 109.234.37.218 Drops Cerber

IOCs:
162.144.210.253 – armyaviationmagazine.com – Compromised Site
109.234.37.218 – re.flighteducationfinancecompany.com – Rig EK
31.184.234.0/24 and 31.184.235.0/24 – UDP traffic via port 6892

Traffic Associated With Cerber Compromise:
148.251.6.214 – btc.blockr.io – Bitcoin blockchain explorer
173.254.231.111 – ffoqr3ug7m726zou.fwzxnb.bid – Page for Cerber Decryptor
173.254.231.111 – ffoqr3ug7m726zou.ywoi5n.bid – Page for Cerber Decryptor
173.254.231.111 – ffoqr3ug7m726zou.8dlgyg.bid – Page ...

EITest Gate at 85.93.0.13 Leads to Rig EK at 109.234.38.67 Which Drops Cerber Ransomware

IOCs:
85.93.0.13 – kavafo.xyz – EITest Gate
109.234.38.67 – qw.thesleepdoctormattress.com – Rig EK
162.250.144.215 – ip-api.com – GET /json – IP Check
115.28.36.224 – http://www.doswf.com – Associated with Rig EK Flash Exploit
91.223.89.201 – Decryptor Site – Associated Files
148.251.6.214 – btc.blockr.io – Associated with BitCoin Information
31.184.234.0/24 and 31.184.235.0/24 via UDP port 6892

Hashes: ...