URL: https://otx.alienvault.com/pulse/64c758c63950354876440c0f
Submission: On July 31 via api from DE — Scanned from DE
Text Content
BIG HEAD RANSOMWARE
Created 3 hours ago by akhanafeer. Public. TLP: White

Big Head is a ransomware family that has gained attention in recent months. It is not considered a sophisticated strain, with standard encryption methods and easy-to-detect evasion techniques. The creators of Big Head are continuously developing and refining the malware, experimenting with different approaches. The malware can steal various types of data, including browsing history, directories, drivers, and screenshots. It terminates certain processes to prevent interference with the encryption process. The encrypted files are marked with a ".rec_rans" extension, and a ransom note called "HOW_TO_RECOVERY_FILES.txt" is left on compromised systems. Big Head is currently spreading through malvertising campaigns that trick users into installing fraudulent Windows updates and Microsoft Word installers. One variant of Big Head displays a fake Windows Update screen during the encryption process.

Tags: worldwind, trojanspy
Malware Families: WorldWind, TrojanSpy, big head
Indicators of Compromise (77): FileHash-MD5 (21), FileHash-SHA256 (35), FileHash-SHA1 (21). Related Pulses (28). Comments (0). History (0).