CerberRansomware
Cerber Ransomware - The largest RaaS (Ransomware-as-a-Service) platform of 2016-2017. Encrypts files and appends the .cerber extension, exposes its payment panel through 4 Tor2Web proxies, disables Windows audit logging with auditpol.exe, and drops VBScript and HTML ransom notes. RSA+RC4 encryption.
Threat Profile
Type: Ransomware
Programming Language: C
C2 Protocol: HTTP/Tor
First Seen: 2016
Targets: Global
Purpose / Capabilities
- Ransomware (RaaS)
C2 Servers (1)
| Address | Port | Protocol | Status |
|---|---|---|---|
| cerberhhyed5frqa.onion (Cerber Ransomware Tor C2 payment panel, 4 Tor2Web proxies) | 80 | HTTP | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
CerberRansomware 4a2ad49c -- cerberhhyed5frqa-onion 4xTor2Web cevacont1234-gmail dot-cerber-extension auditpol-audit-disable VirtualAllocEx wallet-dat ipinfo-io 45ED-FB92 RaaS | Critical
CerberRansomware 4a2ad49c PE32 x86 1.88MB RaaS. .cerber extension. 4 Tor2Web C2 proxies (cerberhhyed5frqa.onion). Audit log disabled with auditpol.exe. VirtualAllocEx injection. wallet.dat. ipinfo.io.