Severity

Medium

Analysis Summary

Additional IOCs are provided for a  new malspam themed ransonware GandCrab which  is active again and currently delivering malicious url’s to different users.

Indicators of Compromise

URLs

• hxxp://gandcrabmfe6mnef[.]onion
• hxxp://www.kakaocorp[.]link/includes/images/dekahehees.jpg
• hxxp://www.kakaocorp[.]link/news/pictures/soru.png
• hxxp://www.now[.]cn/whois/info.net
• manuscementferpo[.]space
• gandcrabmfe6mnef[.]onion
• www.kakaocorp[.]link
• 107-173-49-208-host.colocrossing[.]com
• fliptray[.]biz
• kakaocorp[.]link
• watchsale[.]biz
• www.now[.]cn
• www.todaynic[.]com
• todaynic[.]com
• todyanic[.]com

Malware Hash (MD5/SHA1/SH256)

• 3cd900bd09cda8181b16242fabacd81e9aa84f2b
• c2094fd33fa7bda0c5d6d3d7539e7d640f71216e
• 2c5209a8bc0edca7503fae7e0d6249ef9e878cd7

Remediation

• Block threat indicators at your respective controls
• Never click on links/ attachments sent by unknown senders
• Always be suspicious about the emails sent by unknown senders