Vice Society Ransomware Group Targets Manufacturing Companies

Indicators of Compromise

-----------------------------------------------------------------
SHA-256                                                           Detection name                    Ransom note, file extensions and other details
-----------------------------------------------------------------
f366e079116a11c618edcb3e8bf24bcd2ffe3f72a6776981bf1af7381e504d61  Ransom.Win64.VICESOCIETY.THKAHBB  ALL YOUR FILES ARE ENCRYPTED!!!.v-society .v-society
1df9b68a8642e6d1fcb786d90a1be8d9633ee3d49a08a5e79174c7150061faa8  Ransom.Win64.VICESOCIETY.YXCKNT   AllYFilesAE! .v1cesO0ciety
3aef9575f8467e6ffe1eaae358569095554808b57a4abee9eb8011b1c390fa6d  Ransom.Win64.VICESOCIETY.A        ALL YOUR FILES ARE ENCRYPTED!!! .v-s0c13ty
da0332ace0a9ccdc43de66556adb98947e64ebdf8b3289e2291016215d8c5b4c  Ransom.Win64.RANSREVY.THAAFBC.    Recovery.txt Rans_recovery
f366e079116a11c618edcb3e8bf24bcd2ffe3f72a6776981bf1af7381e504d61  Ransom.Win64.VICESOCIETY.THKAHBB  ALL YOUR FILES ARE ENCRYPTED!!! .v-society
7c26041f8a63636d43a196f5298c2ab694a7fcbfa456278aa51757fd82c237d4  Ransom.Win64.RANSREVY.THAAFBC.    AAA! .crypted
1df9b68a8642e6d1fcb786d90a1be8d9633ee3d49a08a5e79174c7150061faa8  Ransom.Win64.VICESOCIETY.YXCKNT   AllYFilesAE! .v1cesO0ciety

-----------------------------------------------------------------
Other Cobalt Strike binaries
-----------------------------------------------------------------
SHA-256                                                           Detection name                    Cobalt Strike C&C
-----------------------------------------------------------------
cdb82be1b9dd6391ed068124cfdf2339d71dd70f6f76462a7e4a0fdadd5a208a  Backdoor.Win64.COBEACON.YXCKXZ    020.57thandnormal.com Version: TLS 1.2
890736d072ff1e983333c6b248e9fbd7380a84dce5c175192dd8bbc9b5e917b5  Backdoor.Win64.COBEACON.YXCKFZ    Serial Number: 04e0834cadba7966b67ca677b26726f82ede
6e7b4d2ca25630c88d5af6d61cd57d3084e0f266d13f576a6b3cafdda6a9b85e  Backdoor.Win64.COBEACON.YXCKFZ    Thumbprint: 605674a0e28e6c431a977800c5a9dd97dbedf75c
f51bb4637f429a2c2cd3b8d27c83cdfaab2349148865fe3d83a50f531021c4d4  Backdoor.Win64.COBEACON.YXDAKT    r1.57thandnormal.com

-----------------------------------------------------------------
Other binaries
-----------------------------------------------------------------
SHA-256                                                           Detection name                    Description
-----------------------------------------------------------------
f51bb4637f429a2c2cd3b8d27c83cdfaab2349148865fe3d83a50f531021c4d4  Backdoor.Win64.COBEACON.YXDAKT    Cobalt Strike
49d01f2e32808e24dc8129d3c1ebe444f71792ddec2efabee354335fc6d6f64c  HackTool.MSIL.Rubeus.SM           Rubeus hacktool
56e4739efcc0ded77a251ad7b4844d8536fe30d5 (SHA-256 not available)  Ransom.Win32.ZEPPELIN.SMTH        Zeppelin Ransomware
d241df7b9d2ec0b8194751cd5ce153e27cc40fa4 (SHA-256 not available)  HackTool.Win64.Mimikatz.EOI       Mimikatz Hacktool
94bc7b115bce0eba58ffdcc58e37d79b6fe15b22ad347aea00fe3a1641725027  PE_NESHTA.A                       NESHTA file infector

-----------------------------------------------------------------
URL Classification
-----------------------------------------------------------------
Description         URL                                                             Rating
-----------------------------------------------------------------
Cobalt Strike C&C   020.57thandnormal.com                                           C&C Server
Cobalt Strike C&C   r1.57thandnormal.com                                            C&C Server
Vice Society site   ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion  Ransomware
Vice Society site   ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion  Ransomware
Vice Society site   wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion  Ransomware
Vice Society site   vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion  Ransomware
Vice Society site   vsocietyjynbgmz4n4lietzmqrg2tab4roxwd2c2btufdwxi6v2pptyd.onion  Ransomware
Vice Society site   fuckcisanet5nzv4d766izugxhnqqgiyllzfynyb4whzbqhzjojbn7id.onion  Ransomware
Vice Society site   fuckfbrlvtibsdw5rxtfjxtog6dfgpz62ewoc2rpor2s6zd5nog4zxad.onion  Ransomware