Tag: Philadelphia Ransomware
RIG Exploit Kit at 185.154.53.7 Drops Pony, Downloads Philadelphia Ransomware.
IOCs HTTP Traffic: 160.153.131.96 – serene.rushpcb.co.uk – GET /usde.php 185.154.53.7 – add.venicebeachsurflodge.com – RIG exploit kit VirusTotal report showing URLs resolving to that IP 89.45.67.99 – POST /ppp/gate.php – Pony callback traffic 86.106.93.17 – GET /degate/de.exe – Philadelphia ransomware 86.106.93.17 – GET /de/de.php? – Philadelphia ransomware callback traffic Hashes: SHA256: 19f765ddf0242a6676e9eb2fb28f8095211ab1edad15025c3532f662de3aa954 File name: serene.rushpcb.co.ukusde.php.txt SHA256: ...
Malware breakdown 