Created
March 19, 2019 22:20
-
-
Save Blevene/7b0221bd1d79bec57fb555fe3613e102 to your computer and use it in GitHub Desktop.
LockerGoga IOCs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| first_submitted (epoch) | first_submitted | sha256 | file_magic | size | num_detections | RESULTS | signers | full_sig | country | |
|---|---|---|---|---|---|---|---|---|---|---|
| 1546950000 | 2019-01-08 12:20:00 | c7a69dcfb6a3fe433a52a71d85a7e90df25b1db1bc843a541eb08ea2fd1052a4 | PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly | 2097664 | 27 | Win64/Filecoder.LockerGoga.A,W64/Filecoder_LockerGoga.A!tr.ransom,Trojan-Ransom.LockerGoga | NL | |||
| 1547710000 | 2019-01-17 7:26:40 | 5b0b972713cd8611b04e4673676cdff70345ac7301b2c23173cdfeaff564225c | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1284112 | 40 | Trojan[Ransom]/Win32.LockerGoga.a,Ransom.LockerGoga.S5239812,a variant of Win32/Filecoder.LockerGoga.A | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | RO | |
| 1548320000 | 2019-01-24 8:53:20 | bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 51 | Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.SMA | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | RO | |
| 1548320000 | 2019-01-24 8:53:20 | bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 51 | Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | NL | |
| 1548320000 | 2019-01-24 8:53:20 | bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 51 | Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | ||
| 1548320000 | 2019-01-24 8:53:20 | bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 51 | Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.SMA | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | CO | |
| 1548330000 | 2019-01-24 11:40:00 | b8dedd74f8f474c97d53d313eb5a61d09fc020e91aa09c36711bac5cc123b6d7 | ASCII English text, with CRLF line terminators | 1427 | 2 | Win32/Filecoder.LockerGoga | NL | |||
| 1548360000 | 2019-01-24 20:00:00 | bef41d3c76aa98e774ca0185eb5d37da7bf128e3d855ebc699fed90f3988c7d3 | 7-zip archive data, version 0.4 | 1267866 | 32 | Trojan[Ransom]/Win32.LockerGoga.a,Win32/Filecoder.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A | IT | |||
| 1548460000 | 2019-01-25 23:46:40 | 6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 50 | a variant of Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | NL | |
| 1548460000 | 2019-01-25 23:46:40 | 8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1282576 | 40 | Trojan[Ransom]/Win32.LockerGoga.a,Ransom.LockerGoga.S5239812,Win32/Filecoder.LockerGoga.A,W32/LockerGoga.A.gen!Eldorado | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"11:00 PM 06/24/2018","valid to":"10:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"11:00 PM 05/08/2013","valid to":"10:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | NL | |
| 1548610000 | 2019-01-27 17:26:40 | c3d334cb7f6007c9ebee1a68c4f3f72eac9b3c102461d39f2a0a4b32a053843a | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 45 | Generic.Ransom.LockerGoga.4223BE99,Generic.Ransom.LockerGoga.4223BE99,Generic.Ransom.LockerGoga.4223BE99,a variant of Win32/Filecoder.LockerGoga.A,Generic.Ransom.LockerGoga.4223BE99 (B),W32/LockerGoga.A.gen!Eldorado,Win32.Trojan-Ransom.LockerGoga.A,Generic.Ransom.LockerGoga.4223BE99,Ransom.Win32.LOCKERGOGA.SMA,W32.Ransom.Lockergoga | NL | |||
| 1548680000 | 2019-01-28 12:53:20 | 9128e1c56463b3ce7d4578ef14ccdfdba15ccc2d73545cb541ea3e80344b173c | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1267728 | 10 | W32.Ransom.Lockergoga | SE | |||
| 1548840000 | 2019-01-30 9:20:00 | f3c58f6de17d2ef3e894c09bc68c0afcce23254916c182e44056db3cad710192 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1290240 | 47 | Generic.Ransom.LockerGoga.CA4FC2EE,Generic.Ransom.LockerGoga.CA4FC2EE,Generic.Ransom.LockerGoga.CA4FC2EE,a variant of Win32/Filecoder.LockerGoga.A,Generic.Ransom.LockerGoga.CA4FC2EE (B),Win32.Trojan-Ransom.LockerGoga.A,Generic.Ransom.LockerGoga.CA4FC2EE,Ransom.Win32.LOCKERGOGA.SMA,Ransom.Win32.LOCKERGOGA.SMA | FR | |||
| 1549370000 | 2019-02-05 12:33:20 | 47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1274736 | 39 | Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Trojan.Lockergoga,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Win32/Filecoder.LockerGoga.B,Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),Trojan-Ransom.LockerGoga (A),W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,W32/Filecoder_LockerGoga.B!tr,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Win32.Trojan-Ransom.LockerGoga.B,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI | "KITTY'S LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"KITTY'S LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/01/2019","valid to":"11:59 PM 02/01/2020","serial number":"37 8D 55 43 04 8E 58 3A 06 A0 81 9F 25 BD 9E 85","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"CF933A629598E5E192DA2086E6110AD1974F8EC3"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | TR | |
| 1549370000 | 2019-02-05 12:33:20 | 47f5a231f7cd0e36508ca6ff8c21c08a7248f0f2bd79c1e772b73443597b09b4 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1274736 | 39 | Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Ransom.LockerGoga.A,Trojan.Lockergoga,Win32/Filecoder.LockerGoga.B,Trojan-Ransom.LockerGoga (A),W32/Filecoder_LockerGoga.B!tr,Win32.Trojan-Ransom.LockerGoga.B,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Trojan.Ransom.LockerGoga.A,Ransom.Win32.LOCKERGOGA.THBOGAI,Ransom.Win32.LOCKERGOGA.THBOGAI | "KITTY'S LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"KITTY'S LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/01/2019","valid to":"11:59 PM 02/01/2020","serial number":"37 8D 55 43 04 8E 58 3A 06 A0 81 9F 25 BD 9E 85","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"CF933A629598E5E192DA2086E6110AD1974F8EC3"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | DE | |
| 1549440000 | 2019-02-06 8:00:00 | 39e298627215ed3bed76686f52eb741335195c2cd09b69181892b4fa9f53f514 | ASCII English text, with CRLF line terminators | 1434 | 1 | Win32/Filecoder.LockerGoga | TR | |||
| 1549470000 | 2019-02-06 16:20:00 | 14e8a8095426245633cd6c3440afc5b29d0c8cd4acefd10e16f82eb3295077ca | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1268240 | 41 | Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,Trojan[Ransom]/Win32.LockerGoga.a,Trojan[Ransom]/Win32.LockerGoga.a,Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,TR/LockerGoga.mfwsd,TR/LockerGoga.mfwsd,Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,a variant of Win32/Filecoder.LockerGoga.A,a variant of Win32/Filecoder.LockerGoga.A,Generic.Ransom.LockerGoga.CC1CD792 (B),Generic.Ransom.LockerGoga.CC1CD792 (B),W32/LockerGoga.A.gen!Eldorado,W32/LockerGoga.A.gen!Eldorado,Trojan.TR/LockerGoga.mfwsd,Trojan.TR/LockerGoga.mfwsd,Win32.Trojan-Ransom.LockerGoga.A,Win32.Trojan-Ransom.LockerGoga.A,Trojan-Ransom.LockerGoga,Trojan-Ransom.LockerGoga,Generic.Ransom.LockerGoga.CC1CD792,Generic.Ransom.LockerGoga.CC1CD792,Trojan.Win32.Z.Lockergoga.1268240,Trojan.Win32.Z.Lockergoga.1268240 | "MIKL LIMITED; COMODO RSA Code Signing CA; COMODO SECURE™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"MIKL LIMITED","algorithm":"sha256RSA","valid from":"12:00 AM 06/25/2018","valid to":"11:59 PM 06/25/2019","serial number":"3D 25 80 E8 95 26 F7 85 2B 57 06 54 EF D9 A8 BF","cert issuer":"COMODO RSA Code Signing CA","thumbprint":"C1B4D57A36E0B6853DD38E3034EDF7D99A8B73AD"},{"status":"Valid","valid usage":"Code Signing","name":"COMODO RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 05/09/2013","valid to":"11:59 PM 05/08/2028","serial number":"2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF","cert issuer":"COMODO RSA Certification Authority","thumbprint":"B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"COMODO SECURE™","algorithm":"sha384RSA","valid from":"12:00 AM 01/19/2010","valid to":"11:59 PM 01/18/2038","serial number":"4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D","cert issuer":"COMODO RSA Certification Authority","thumbprint":"AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4"}] | ES | |
| 1549600000 | 2019-02-08 4:26:40 | 7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1274736 | 38 | TR/LockerGoga.jccbu,Trojan.Lockergoga,Win32/Filecoder.LockerGoga.B,Trojan-Ransom.LockerGoga (A),Trojan.TR/LockerGoga.jccbu,W32/Filecoder_LockerGoga.B!tr,Win32.Trojan-Ransom.LockerGoga.B,Trojan-Ransom.LockerGoga,Ransom.LockerGoga | "KITTY'S LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"KITTY'S LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/01/2019","valid to":"11:59 PM 02/01/2020","serial number":"37 8D 55 43 04 8E 58 3A 06 A0 81 9F 25 BD 9E 85","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"CF933A629598E5E192DA2086E6110AD1974F8EC3"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | US | |
| 1552050000 | 2019-03-08 13:00:00 | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1254264 | 46 | TR/LockerGoga.biysb,a variant of Win32/Filecoder.LockerGoga.C,Trojan.TR/LockerGoga.biysb,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLOUD) | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | IT | |
| 1552050000 | 2019-03-08 13:00:00 | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1254264 | 46 | TR/LockerGoga.biysb,a variant of Win32/Filecoder.LockerGoga.C,Trojan.TR/LockerGoga.biysb,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLOUD) | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | CH | |
| 1552050000 | 2019-03-08 13:00:00 | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1254264 | 46 | TR/LockerGoga.biysb,a variant of Win32/Filecoder.LockerGoga.C,Trojan.TR/LockerGoga.biysb,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLOUD) | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | AR | |
| 1552050000 | 2019-03-08 13:00:00 | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1254264 | 46 | TR/LockerGoga.biysb,a variant of Win32/Filecoder.LockerGoga.C,Trojan.TR/LockerGoga.biysb,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLOUD) | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Trust for this certificate or one of the certificates in the certificate chain has been revoked.","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | ES | |
| 1552180000 | 2019-03-10 1:06:40 | 0e874661b6bc116f18230dd6b50f792a944f4ba8e3f58edf1f128517ce8d44ee | RAR archive data, v20, | 460453 | 25 | TR/LockerGoga.biysb,a variant of Win32/Filecoder.LockerGoga.C,Trojan-Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLOUD) | HU | |||
| 1552250000 | 2019-03-10 20:33:20 | ba15c27f26265f4b063b65654e9d7c248d0d651919fafb68cb4765d1e057f93f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1249144 | 37 | TR/LockerGoga.arvsg,Win32/Filecoder.LockerGoga.D,Trojan.TR/LockerGoga.arvsg,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.Win32.LOCKERGOGA.THCAAAI,Ransom.Win32.LOCKERGOGA.THCAAAI | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Valid","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | CA | |
| 1552250000 | 2019-03-10 20:33:20 | ba15c27f26265f4b063b65654e9d7c248d0d651919fafb68cb4765d1e057f93f | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1249144 | 37 | TR/LockerGoga.arvsg,Win32/Filecoder.LockerGoga.D,Trojan.TR/LockerGoga.arvsg,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.Win32.LOCKERGOGA.THCAAAI,Ransom.Win32.LOCKERGOGA.THCAAAI | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Valid","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | IT | |
| 1552420000 | 2019-03-12 19:46:40 | 7bcd69b3085126f7e97406889f78ab74e87230c11812b79406d723a80c08dd26 | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | 1249144 | 36 | TR/LockerGoga.eipdo,Win32/Filecoder.LockerGoga.D,Trojan.TR/LockerGoga.eipdo,W32/Filecoder_LockerGoga.D!tr,Trojan-Ransom.LockerGoga,Ransom.LockerGoga,Ransom.LockerGoga!1.B635 (CLASSIC) | "ALISA LTD; Sectigo RSA Code Signing CA; USERTrust Secure™" | [{"status":"Valid","valid usage":"Code Signing","name":"ALISA LTD","algorithm":"sha256RSA","valid from":"12:00 AM 02/22/2019","valid to":"11:59 PM 02/21/2020","serial number":"5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B","cert issuer":"Sectigo RSA Code Signing CA","thumbprint":"ACB38D45108C4F0C8894040646137C95E9BB39D8"},{"status":"Valid","valid usage":"Code Signing, Timestamp Signing","name":"Sectigo RSA Code Signing CA","algorithm":"sha384RSA","valid from":"12:00 AM 11/02/2018","valid to":"11:59 PM 12/31/2030","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66"},{"status":"Valid","valid usage":"Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User","name":"USERTrust Secure™","algorithm":"sha384RSA","valid from":"12:00 AM 02/01/2010","valid to":"11:59 PM 01/18/2038","serial number":"01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D","cert issuer":"USERTrust RSA Certification Authority","thumbprint":"2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E"}] | NL | |
| 1552420000 | 2019-03-12 19:46:40 | b686c88bce6629088ce1044b30ad1d5b978fd754601b8b463bc1f611b01d05d7 | ASCII English text, with CRLF line terminators | 1428 | 1 | Win32/Filecoder.LockerGoga | NL | |||
| 1552970000 | 2019-03-19 4:33:20 | ec52b27743056ef6182bc58d639f477f9aab645722f8707300231fd13a4aa51f | Zip archive data, at least v2.0 to extract | 580460 | 12 | Gen:Variant.Ransom.LockerGoga.4,Trojan.Ransom.LockerGoga.4,Gen:Variant.Ransom.LockerGoga.4,a variant of Win32/Filecoder.LockerGoga.D,Gen:Variant.Ransom.LockerGoga.4,Gen:Variant.Ransom.LockerGoga.4,Ransom.LockerGoga!1.B635 (CLASSIC) | NO | |||
| 1552980000 | 2019-03-19 7:20:00 | 7a059301a1c6198bb3a2cb2ae8cd358486f806ea1b202c4ca8613846a9c3cc64 | Zip archive data, at least v2.0 to extract | 580460 | 12 | Gen:Variant.Ransom.LockerGoga.4,Trojan.Ransom.LockerGoga.4,Gen:Variant.Ransom.LockerGoga.4,a variant of Win32/Filecoder.LockerGoga.D,Gen:Variant.Ransom.LockerGoga.4,Gen:Variant.Ransom.LockerGoga.4,Ransom.LockerGoga!1.B635 (CLASSIC) | NO |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment