
Thursday, June 11, 2020

Indicator of compromise for Thanos Ransomware

We collected the IOCs for the latest variant of Thanos ransomware from the Recorded Future update.
Please refer to their reports:

Thanos Ransomware hashes (SHA256)


Hakbit Samples (SHA256)
