Date: 06/30/2026
Severity: Critical
Summary
Threat actors used SEO poisoning to distribute a trojanized ManageEngine OpManager installer that deployed BumbleBee malware for initial access. The intrusion progressed to AdaptixC2 for command and control, credential theft from the domain controller, SSH-based lateral movement, and data exfiltration via FileZilla and SFTP. It culminated in the deployment of Akira ransomware, which encrypted both the root domain and a child domain.
Indicators of Compromise (IOC) List
Domains/URLs:
opmanager.pro
download-center.online
ev2sirbd269o5j.org
2rxyt8yrhq0bgj.org
d1hmxkpwby0d4s.org
yj6jurm5qqkye5.org
ewujsfb1dp5ran.org
8doj8uvx604eck.org
kwywztxoo2xdot.org
ky1d1p1daahe5t.org
ovh1kn1tcqw5kp.org
6cimu4mc085em8.org
5ka8rxp6t6eup2.org
ks501oz9nm3v05.org
v5rjsdqogstopr.org
IP Addresses:
192.121.22.94
109.205.195.211
188.40.187.145
171.22.183.43
194.127.178.21
172.96.137.160
193.242.184.150
185.174.100.203
Hashes (MD5):
124a48b78060fa851e1cc077ca35713c
ca8646dfc88423bb9fffda811160cebe
8c113b3aa82c81eee7c6b4ed0ba9a90f
Hashes (SHA-1):
ab82bf27132323861810c0efcac6d5dd01600dd4
febbaf5f08a8e0782ffcce8beef1f2b4e249a52b
d66944e1a57daf04d3e809f22cd01946d593acaf
Hashes (SHA-256):
186b26df63df3b7334043b47659cba4185c948629d857d47452cc1936f0aa5da
a6df0b49a5ef9ffd6513bfe061fb60f6d2941a440038e2de8a7aeb1914945331
de730d969854c3697fd0e0803826b4222f3a14efe47e4c60ed749fff6edce19d
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (domains/URLs):
domainname like "2rxyt8yrhq0bgj.org" or url like "2rxyt8yrhq0bgj.org" or siteurl like "2rxyt8yrhq0bgj.org" or domainname like "ks501oz9nm3v05.org" or url like "ks501oz9nm3v05.org" or siteurl like "ks501oz9nm3v05.org" or domainname like "ev2sirbd269o5j.org" or url like "ev2sirbd269o5j.org" or siteurl like "ev2sirbd269o5j.org" or domainname like "ewujsfb1dp5ran.org" or url like "ewujsfb1dp5ran.org" or siteurl like "ewujsfb1dp5ran.org" or domainname like "ky1d1p1daahe5t.org" or url like "ky1d1p1daahe5t.org" or siteurl like "ky1d1p1daahe5t.org" or domainname like "6cimu4mc085em8.org" or url like "6cimu4mc085em8.org" or siteurl like "6cimu4mc085em8.org" or domainname like "d1hmxkpwby0d4s.org" or url like "d1hmxkpwby0d4s.org" or siteurl like "d1hmxkpwby0d4s.org" or domainname like "v5rjsdqogstopr.org" or url like "v5rjsdqogstopr.org" or siteurl like "v5rjsdqogstopr.org" or domainname like "8doj8uvx604eck.org" or url like "8doj8uvx604eck.org" or siteurl like "8doj8uvx604eck.org" or domainname like "download-center.online" or url like "download-center.online" or siteurl like "download-center.online" or domainname like "kwywztxoo2xdot.org" or url like "kwywztxoo2xdot.org" or siteurl like "kwywztxoo2xdot.org" or domainname like "ovh1kn1tcqw5kp.org" or url like "ovh1kn1tcqw5kp.org" or siteurl like "ovh1kn1tcqw5kp.org" or domainname like "5ka8rxp6t6eup2.org" or url like "5ka8rxp6t6eup2.org" or siteurl like "5ka8rxp6t6eup2.org" or domainname like "yj6jurm5qqkye5.org" or url like "yj6jurm5qqkye5.org" or siteurl like "yj6jurm5qqkye5.org" or domainname like "opmanager.pro" or url like "opmanager.pro" or siteurl like "opmanager.pro"
Detection Query 2 (IP addresses):
dstipaddress IN ("193.242.184.150","171.22.183.43","172.96.137.160","188.40.187.145","109.205.195.211","192.121.22.94","194.127.178.21","185.174.100.203") or srcipaddress IN ("193.242.184.150","171.22.183.43","172.96.137.160","188.40.187.145","109.205.195.211","192.121.22.94","194.127.178.21","185.174.100.203")
Detection Query 3 (MD5 hashes):
md5hash IN ("124a48b78060fa851e1cc077ca35713c","8c113b3aa82c81eee7c6b4ed0ba9a90f","ca8646dfc88423bb9fffda811160cebe")
Detection Query 4 (SHA-1 hashes):
sha1hash IN ("d66944e1a57daf04d3e809f22cd01946d593acaf","ab82bf27132323861810c0efcac6d5dd01600dd4","febbaf5f08a8e0782ffcce8beef1f2b4e249a52b")
Detection Query 5 (SHA-256 hashes):
sha256hash IN ("de730d969854c3697fd0e0803826b4222f3a14efe47e4c60ed749fff6edce19d","a6df0b49a5ef9ffd6513bfe061fb60f6d2941a440038e2de8a7aeb1914945331","186b26df63df3b7334043b47659cba4185c948629d857d47452cc1936f0aa5da")
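For teams without access to the TDIR platform, the same five checks can be run offline against exported logs. The Python script below is an added example, not Gurucul's query code or anything from the referenced report. It takes the domain, IP and hash indicators from the IOC list above, normalises each event field (extracts the hostname from a full URL, strips a trailing dot, lowercases hashes, rejects malformed IPs) and reports every indicator found per event. The event dictionaries and their keys (domainname, url, siteurl, srcipaddress, dstipaddress, md5hash, sha1hash, sha256hash) are assumed to mirror the field names used in the queries above; the sample events are constructed for this demonstration. One deliberate difference from a plain substring match: domains are matched exactly or as a subdomain, so a look-alike such as shopmanager.pro does not fire on the opmanager.pro indicator.

```python
"""Offline IOC matcher for the advisory's domain, IP and hash indicators.

Added example; not Gurucul query code. Event field names are assumed to
mirror the detection queries above; sample events are constructed.
"""
import ipaddress
import re

# Indicators copied from the advisory's IOC list.
IOC_DOMAINS = {
    "opmanager.pro", "download-center.online",
    "ev2sirbd269o5j.org", "2rxyt8yrhq0bgj.org", "d1hmxkpwby0d4s.org",
    "yj6jurm5qqkye5.org", "ewujsfb1dp5ran.org", "8doj8uvx604eck.org",
    "kwywztxoo2xdot.org", "ky1d1p1daahe5t.org", "ovh1kn1tcqw5kp.org",
    "6cimu4mc085em8.org", "5ka8rxp6t6eup2.org", "ks501oz9nm3v05.org",
    "v5rjsdqogstopr.org",
}
IOC_IPS = {
    "192.121.22.94", "109.205.195.211", "188.40.187.145", "171.22.183.43",
    "194.127.178.21", "172.96.137.160", "193.242.184.150", "185.174.100.203",
}
IOC_HASHES = {  # MD5, SHA-1 and SHA-256 together; lengths keep them distinct
    "124a48b78060fa851e1cc077ca35713c",
    "ca8646dfc88423bb9fffda811160cebe",
    "8c113b3aa82c81eee7c6b4ed0ba9a90f",
    "ab82bf27132323861810c0efcac6d5dd01600dd4",
    "febbaf5f08a8e0782ffcce8beef1f2b4e249a52b",
    "d66944e1a57daf04d3e809f22cd01946d593acaf",
    "186b26df63df3b7334043b47659cba4185c948629d857d47452cc1936f0aa5da",
    "a6df0b49a5ef9ffd6513bfe061fb60f6d2941a440038e2de8a7aeb1914945331",
    "de730d969854c3697fd0e0803826b4222f3a14efe47e4c60ed749fff6edce19d",
}

# Assumed event field names, taken from the queries above.
DOMAIN_FIELDS = ("domainname", "url", "siteurl")
IP_FIELDS = ("srcipaddress", "dstipaddress")
HASH_FIELDS = ("md5hash", "sha1hash", "sha256hash")

# Optional scheme, optional userinfo, then the host up to a port/path/query.
_HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^/@]*@)?([^/:?#]+)")


def extract_host(value):
    """Lowercase hostname from a bare domain or a full URL, trailing dot
    removed; None when the value contains nothing host-like."""
    m = _HOST_RE.match(value.strip().lower())
    return m.group(1).rstrip(".") if m else None


def domain_hit(host):
    """Exact or subdomain match. The '.' + ioc suffix check is what keeps a
    look-alike such as 'www.shopmanager.pro' from matching 'opmanager.pro'."""
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def match_event(event):
    """Return [(field, indicator), ...] for every IOC present in one event."""
    hits = []
    for field in DOMAIN_FIELDS:
        host = extract_host(event.get(field, ""))
        ioc = domain_hit(host) if host else None
        if ioc:
            hits.append((field, ioc))
    for field in IP_FIELDS:
        try:
            ip = str(ipaddress.ip_address(event.get(field, "").strip()))
        except ValueError:  # empty or malformed address: skip, do not crash
            continue
        if ip in IOC_IPS:
            hits.append((field, ip))
    for field in HASH_FIELDS:
        h = event.get(field, "").strip().lower()
        if h in IOC_HASHES:
            hits.append((field, h))
    return hits


def scan(events):
    """Map event id -> hits for every event that matched at least one IOC."""
    results = {}
    for event in events:
        hits = match_event(event)
        if hits:
            results[event["id"]] = hits
    return results


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "url": "https://OpManager.pro/download/", "dstipaddress": "192.121.22.94"},
    {"id": 2, "domainname": "www.shopmanager.pro", "dstipaddress": "10.0.0.5"},
    {"id": 3, "domainname": "cdn.ev2sirbd269o5j.org."},
    {"id": 4, "srcipaddress": "185.174.100.203", "dstipaddress": "10.0.0.9"},
    {"id": 5, "sha256hash": "186B26DF63DF3B7334043B47659CBA4185C948629D857D47452CC1936F0AA5DA"},
    {"id": 6, "md5hash": "00000000000000000000000000000000", "dstipaddress": "not-an-ip"},
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, hits)
```

Running the script flags events 1, 3, 4 and 5 and stays silent on 2 and 6. A hit on a short, reusable indicator such as opmanager.pro is still worth confirming against the full hostname and the download path in the original event before raising an incident.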
Reference:
https://thedfirreport.com/2026/06/29/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira-3/#case-summary