[***] Summary: [***]

212 new OPEN, 212 new PRO (212 + 0) Continued DYNAMIC_DNS coverage,
Cobalt Strike, and W32/Filecoder.KY!tr.ransom.

Thanks @Fortinet, @AuCyble, @cybereason

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2040149 - ET INFO DYNAMIC_DNS Query to a *.australia .ai Domain (info.rules)
2040150 - ET INFO DYNAMIC_DNS HTTP Request to a *.australia .ai
Domain (info.rules)
2040151 - ET INFO DYNAMIC_DNS Query to a *.dx .com .ar Domain (info.rules)
2040152 - ET INFO DYNAMIC_DNS HTTP Request to a *.dx .com .ar Domain
(info.rules)
2040153 - ET INFO DYNAMIC_DNS Query to a *.ve3 .info Domain (info.rules)
2040154 - ET INFO DYNAMIC_DNS HTTP Request to a *.ve3 .info Domain
(info.rules)
2040155 - ET INFO DYNAMIC_DNS Query to a *.surfnet .ca Domain (info.rules)
2040156 - ET INFO DYNAMIC_DNS HTTP Request to a *.surfnet .ca Domain
(info.rules)
2040157 - ET INFO DYNAMIC_DNS Query to a *.ix .tc Domain (info.rules)
2040158 - ET INFO DYNAMIC_DNS HTTP Request to a *.ix .tc Domain (info.rules)
2040159 - ET INFO DYNAMIC_DNS Query to a *.cnstefancelmare .ro
Domain (info.rules)
2040160 - ET INFO DYNAMIC_DNS HTTP Request to a *.cnstefancelmare
.ro Domain (info.rules)
2040161 - ET INFO DYNAMIC_DNS Query to a *.xxxxx .tw Domain (info.rules)
2040162 - ET INFO DYNAMIC_DNS HTTP Request to a *.xxxxx .tw Domain
(info.rules)
2040163 - ET INFO DYNAMIC_DNS Query to a *.webs .vc Domain (info.rules)
2040164 - ET INFO DYNAMIC_DNS HTTP Request to a *.webs .vc Domain (info.rules)
2040165 - ET INFO DYNAMIC_DNS Query to a *.minecraft .pe Domain (info.rules)
2040166 - ET INFO DYNAMIC_DNS HTTP Request to a *.minecraft .pe
Domain (info.rules)
2040167 - ET INFO DYNAMIC_DNS Query to a *.jedimasters .net Domain
(info.rules)
2040168 - ET INFO DYNAMIC_DNS HTTP Request to a *.jedimasters .net
Domain (info.rules)
2040169 - ET INFO DYNAMIC_DNS Query to a *.ivi .pl Domain (info.rules)
2040170 - ET INFO DYNAMIC_DNS HTTP Request to a *.ivi .pl Domain (info.rules)
2040171 - ET INFO DYNAMIC_DNS Query to a *.aeroantenna .com Domain
(info.rules)
2040172 - ET INFO DYNAMIC_DNS HTTP Request to a *.aeroantenna .com
Domain (info.rules)
2040173 - ET INFO DYNAMIC_DNS Query to a *.auraria .org Domain (info.rules)
2040174 - ET INFO DYNAMIC_DNS HTTP Request to a *.auraria .org
Domain (info.rules)
2040175 - ET INFO DYNAMIC_DNS Query to a *.dob .jp Domain (info.rules)
2040176 - ET INFO DYNAMIC_DNS HTTP Request to a *.dob .jp Domain (info.rules)
2040177 - ET INFO DYNAMIC_DNS Query to a *.be .sexy Domain (info.rules)
2040178 - ET INFO DYNAMIC_DNS HTTP Request to a *.be .sexy Domain (info.rules)
2040179 - ET INFO DYNAMIC_DNS Query to a *.dyn .ch Domain (info.rules)
2040180 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyn .ch Domain (info.rules)
2040181 - ET INFO DYNAMIC_DNS Query to a *.zza .pl Domain (info.rules)
2040182 - ET INFO DYNAMIC_DNS HTTP Request to a *.zza .pl Domain (info.rules)
2040183 - ET INFO DYNAMIC_DNS Query to a *.inet2 .org Domain (info.rules)
2040184 - ET INFO DYNAMIC_DNS HTTP Request to a *.inet2 .org Domain
(info.rules)
2040185 - ET INFO DYNAMIC_DNS Query to a *.mikata .ru Domain (info.rules)
2040186 - ET INFO DYNAMIC_DNS HTTP Request to a *.mikata .ru Domain
(info.rules)
2040187 - ET INFO DYNAMIC_DNS Query to a *.scottexteriors .com
Domain (info.rules)
2040188 - ET INFO DYNAMIC_DNS HTTP Request to a *.scottexteriors
.com Domain (info.rules)
2040189 - ET INFO DYNAMIC_DNS Query to a *.computersforpeace .net
Domain (info.rules)
2040190 - ET INFO DYNAMIC_DNS HTTP Request to a *.computersforpeace
.net Domain (info.rules)
2040191 - ET INFO DYNAMIC_DNS Query to a *.groups .id Domain (info.rules)
2040192 - ET INFO DYNAMIC_DNS HTTP Request to a *.groups .id Domain
(info.rules)
2040193 - ET INFO DYNAMIC_DNS Query to a *.zsh .jp Domain (info.rules)
2040194 - ET INFO DYNAMIC_DNS HTTP Request to a *.zsh .jp Domain (info.rules)
2040195 - ET INFO DYNAMIC_DNS Query to a *.sne .jp Domain (info.rules)
2040196 - ET INFO DYNAMIC_DNS HTTP Request to a *.sne .jp Domain (info.rules)
2040197 - ET INFO DYNAMIC_DNS Query to a *.ddj .co .za Domain (info.rules)
2040198 - ET INFO DYNAMIC_DNS HTTP Request to a *.ddj .co .za Domain
(info.rules)
2040199 - ET INFO DYNAMIC_DNS Query to a *.lee .mx Domain (info.rules)
2040200 - ET INFO DYNAMIC_DNS HTTP Request to a *.lee .mx Domain (info.rules)
2040201 - ET INFO DYNAMIC_DNS Query to a *.netlord .de Domain (info.rules)
2040202 - ET INFO DYNAMIC_DNS HTTP Request to a *.netlord .de Domain
(info.rules)
2040203 - ET INFO DYNAMIC_DNS Query to a *.mbiselangor .com .my
Domain (info.rules)
2040204 - ET INFO DYNAMIC_DNS HTTP Request to a *.mbiselangor .com
.my Domain (info.rules)
2040205 - ET INFO DYNAMIC_DNS Query to a *.merrittcredit .com Domain
(info.rules)
2040206 - ET INFO DYNAMIC_DNS HTTP Request to a *.merrittcredit .com
Domain (info.rules)
2040207 - ET INFO DYNAMIC_DNS Query to a *.dyn .mk Domain (info.rules)
2040208 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyn .mk Domain (info.rules)
2040209 - ET INFO DYNAMIC_DNS Query to a *.mindhackers .org Domain
(info.rules)
2040210 - ET INFO DYNAMIC_DNS HTTP Request to a *.mindhackers .org
Domain (info.rules)
2040211 - ET INFO DYNAMIC_DNS Query to a *.jcor .ca Domain (info.rules)
2040212 - ET INFO DYNAMIC_DNS HTTP Request to a *.jcor .ca Domain (info.rules)
2040213 - ET INFO DYNAMIC_DNS Query to a *.sulsel .go .id Domain (info.rules)
2040214 - ET INFO DYNAMIC_DNS HTTP Request to a *.sulsel .go .id
Domain (info.rules)
2040215 - ET INFO DYNAMIC_DNS Query to a *.yhkrubber .com .my Domain
(info.rules)
2040216 - ET INFO DYNAMIC_DNS HTTP Request to a *.yhkrubber .com .my
Domain (info.rules)
2040217 - ET INFO DYNAMIC_DNS Query to a *.sdp-mos .ru Domain (info.rules)
2040218 - ET INFO DYNAMIC_DNS HTTP Request to a *.sdp-mos .ru Domain
(info.rules)
2040219 - ET INFO DYNAMIC_DNS Query to a *.splinteredlightbooks .com
Domain (info.rules)
2040220 - ET INFO DYNAMIC_DNS HTTP Request to a
*.splinteredlightbooks .com Domain (info.rules)
2040221 - ET INFO DYNAMIC_DNS Query to a *.ruok .org Domain (info.rules)
2040222 - ET INFO DYNAMIC_DNS HTTP Request to a *.ruok .org Domain
(info.rules)
2040223 - ET INFO DYNAMIC_DNS Query to a *.good-newz .org Domain (info.rules)
2040224 - ET INFO DYNAMIC_DNS HTTP Request to a *.good-newz .org
Domain (info.rules)
2040225 - ET INFO DYNAMIC_DNS Query to a *.benjamin .it Domain (info.rules)
2040226 - ET INFO DYNAMIC_DNS HTTP Request to a *.benjamin .it
Domain (info.rules)
2040227 - ET INFO DYNAMIC_DNS Query to a *.fatdiary .org Domain (info.rules)
2040228 - ET INFO DYNAMIC_DNS HTTP Request to a *.fatdiary .org
Domain (info.rules)
2040229 - ET INFO DYNAMIC_DNS Query to a *.btarena .com Domain (info.rules)
2040230 - ET INFO DYNAMIC_DNS HTTP Request to a *.btarena .com
Domain (info.rules)
2040231 - ET INFO DYNAMIC_DNS Query to a *.d-n-s .org .uk Domain (info.rules)
2040232 - ET INFO DYNAMIC_DNS HTTP Request to a *.d-n-s .org .uk
Domain (info.rules)
2040233 - ET INFO DYNAMIC_DNS Query to a *.wiki .gd Domain (info.rules)
2040234 - ET INFO DYNAMIC_DNS HTTP Request to a *.wiki .gd Domain (info.rules)
2040235 - ET INFO DYNAMIC_DNS Query to a *.forss .to Domain (info.rules)
2040236 - ET INFO DYNAMIC_DNS HTTP Request to a *.forss .to Domain
(info.rules)
2040237 - ET INFO DYNAMIC_DNS Query to a *.dnet .hu Domain (info.rules)
2040238 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnet .hu Domain (info.rules)
2040239 - ET INFO DYNAMIC_DNS Query to a *.vankin .de Domain (info.rules)
2040240 - ET INFO DYNAMIC_DNS HTTP Request to a *.vankin .de Domain
(info.rules)
2040241 - ET INFO DYNAMIC_DNS Query to a *.h0stname .net Domain (info.rules)
2040242 - ET INFO DYNAMIC_DNS HTTP Request to a *.h0stname .net
Domain (info.rules)
2040243 - ET INFO DYNAMIC_DNS Query to a *.hec .to Domain (info.rules)
2040244 - ET INFO DYNAMIC_DNS HTTP Request to a *.hec .to Domain (info.rules)
2040245 - ET INFO DYNAMIC_DNS Query to a *.afela .org Domain (info.rules)
2040246 - ET INFO DYNAMIC_DNS HTTP Request to a *.afela .org Domain
(info.rules)
2040247 - ET INFO DYNAMIC_DNS Query to a *.smelly .cc Domain (info.rules)
2040248 - ET INFO DYNAMIC_DNS HTTP Request to a *.smelly .cc Domain
(info.rules)
2040249 - ET INFO DYNAMIC_DNS Query to a *.winkel .com .ar Domain (info.rules)
2040250 - ET INFO DYNAMIC_DNS HTTP Request to a *.winkel .com .ar
Domain (info.rules)
2040251 - ET INFO DYNAMIC_DNS Query to a *.coolfire25 .com Domain (info.rules)
2040252 - ET INFO DYNAMIC_DNS HTTP Request to a *.coolfire25 .com
Domain (info.rules)
2040253 - ET INFO DYNAMIC_DNS Query to a *.possessed .us Domain (info.rules)
2040254 - ET INFO DYNAMIC_DNS HTTP Request to a *.possessed .us
Domain (info.rules)
2040255 - ET INFO DYNAMIC_DNS Query to a *.lovethosetrains .com
Domain (info.rules)
2040256 - ET INFO DYNAMIC_DNS HTTP Request to a *.lovethosetrains
.com Domain (info.rules)
2040257 - ET INFO DYNAMIC_DNS Query to a *.project .li Domain (info.rules)
2040258 - ET INFO DYNAMIC_DNS HTTP Request to a *.project .li Domain
(info.rules)
2040259 - ET INFO DYNAMIC_DNS Query to a *.networkguru .com Domain
(info.rules)
2040260 - ET INFO DYNAMIC_DNS HTTP Request to a *.networkguru .com
Domain (info.rules)
2040261 - ET INFO DYNAMIC_DNS Query to a *.robinhud .com Domain (info.rules)
2040262 - ET INFO DYNAMIC_DNS HTTP Request to a *.robinhud .com
Domain (info.rules)
2040263 - ET INFO DYNAMIC_DNS Query to a *.homenode .ca Domain (info.rules)
2040264 - ET INFO DYNAMIC_DNS HTTP Request to a *.homenode .ca
Domain (info.rules)
2040265 - ET INFO DYNAMIC_DNS Query to a *.ugo .si Domain (info.rules)
2040266 - ET INFO DYNAMIC_DNS HTTP Request to a *.ugo .si Domain (info.rules)
2040267 - ET INFO DYNAMIC_DNS Query to a *.hijaxdesigns .com Domain
(info.rules)
2040268 - ET INFO DYNAMIC_DNS HTTP Request to a *.hijaxdesigns .com
Domain (info.rules)
2040269 - ET INFO DYNAMIC_DNS Query to a *.hin .tw Domain (info.rules)
2040270 - ET INFO DYNAMIC_DNS HTTP Request to a *.hin .tw Domain (info.rules)
2040271 - ET INFO DYNAMIC_DNS Query to a *.stuns .org Domain (info.rules)
2040272 - ET INFO DYNAMIC_DNS HTTP Request to a *.stuns .org Domain
(info.rules)
2040273 - ET INFO DYNAMIC_DNS Query to a *.mnode .net Domain (info.rules)
2040274 - ET INFO DYNAMIC_DNS HTTP Request to a *.mnode .net Domain
(info.rules)
2040275 - ET INFO DYNAMIC_DNS Query to a *.coreytech .com Domain (info.rules)
2040276 - ET INFO DYNAMIC_DNS HTTP Request to a *.coreytech .com
Domain (info.rules)
2040277 - ET INFO DYNAMIC_DNS Query to a *.sundby .com Domain (info.rules)
2040278 - ET INFO DYNAMIC_DNS HTTP Request to a *.sundby .com Domain
(info.rules)
2040279 - ET INFO DYNAMIC_DNS Query to a *.wild1 .net Domain (info.rules)
2040280 - ET INFO DYNAMIC_DNS HTTP Request to a *.wild1 .net Domain
(info.rules)
2040281 - ET INFO DYNAMIC_DNS Query to a *.technopagans .com Domain
(info.rules)
2040282 - ET INFO DYNAMIC_DNS HTTP Request to a *.technopagans .com
Domain (info.rules)
2040283 - ET INFO DYNAMIC_DNS Query to a *.shit .vc Domain (info.rules)
2040284 - ET INFO DYNAMIC_DNS HTTP Request to a *.shit .vc Domain (info.rules)
2040285 - ET INFO DYNAMIC_DNS Query to a *.dprdsulsel .go .id Domain
(info.rules)
2040286 - ET INFO DYNAMIC_DNS HTTP Request to a *.dprdsulsel .go .id
Domain (info.rules)
2040287 - ET INFO DYNAMIC_DNS Query to a *.morganisageek .org Domain
(info.rules)
2040288 - ET INFO DYNAMIC_DNS HTTP Request to a *.morganisageek .org
Domain (info.rules)
2040289 - ET INFO DYNAMIC_DNS Query to a *.astrabus .ru Domain (info.rules)
2040290 - ET INFO DYNAMIC_DNS HTTP Request to a *.astrabus .ru
Domain (info.rules)
2040291 - ET INFO DYNAMIC_DNS Query to a *.gurdit .com Domain (info.rules)
2040292 - ET INFO DYNAMIC_DNS HTTP Request to a *.gurdit .com Domain
(info.rules)
2040293 - ET INFO DYNAMIC_DNS Query to a *.letz .dev Domain (info.rules)
2040294 - ET INFO DYNAMIC_DNS HTTP Request to a *.letz .dev Domain
(info.rules)
2040295 - ET INFO DYNAMIC_DNS Query to a *.chebicon .ru Domain (info.rules)
2040296 - ET INFO DYNAMIC_DNS HTTP Request to a *.chebicon .ru
Domain (info.rules)
2040297 - ET INFO DYNAMIC_DNS Query to a *.rwbcode .com Domain (info.rules)
2040298 - ET INFO DYNAMIC_DNS HTTP Request to a *.rwbcode .com
Domain (info.rules)
2040299 - ET INFO DYNAMIC_DNS Query to a *.linkin .tw Domain (info.rules)
2040300 - ET INFO DYNAMIC_DNS HTTP Request to a *.linkin .tw Domain
(info.rules)
2040301 - ET INFO DYNAMIC_DNS Query to a *.anal-slavery .com Domain
(info.rules)
2040302 - ET INFO DYNAMIC_DNS HTTP Request to a *.anal-slavery .com
Domain (info.rules)
2040303 - ET INFO DYNAMIC_DNS Query to a *.wanip .ch Domain (info.rules)
2040304 - ET INFO DYNAMIC_DNS HTTP Request to a *.wanip .ch Domain
(info.rules)
2040305 - ET INFO DYNAMIC_DNS Query to a *.fivepals .com Domain (info.rules)
2040306 - ET INFO DYNAMIC_DNS HTTP Request to a *.fivepals .com
Domain (info.rules)
2040307 - ET INFO DYNAMIC_DNS Query to a *.lanas .cl Domain (info.rules)
2040308 - ET INFO DYNAMIC_DNS HTTP Request to a *.lanas .cl Domain
(info.rules)
2040309 - ET INFO DYNAMIC_DNS Query to a *.unibutton .com Domain (info.rules)
2040310 - ET INFO DYNAMIC_DNS HTTP Request to a *.unibutton .com
Domain (info.rules)
2040311 - ET INFO DYNAMIC_DNS Query to a *.macrofox .org Domain (info.rules)
2040312 - ET INFO DYNAMIC_DNS HTTP Request to a *.macrofox .org
Domain (info.rules)
2040313 - ET INFO DYNAMIC_DNS Query to a *.dream .org .il Domain (info.rules)
2040314 - ET INFO DYNAMIC_DNS HTTP Request to a *.dream .org .il
Domain (info.rules)
2040315 - ET INFO DYNAMIC_DNS Query to a *.dagz .ru Domain (info.rules)
2040316 - ET INFO DYNAMIC_DNS HTTP Request to a *.dagz .ru Domain (info.rules)
2040317 - ET INFO DYNAMIC_DNS Query to a *.make .com .ar Domain (info.rules)
2040318 - ET INFO DYNAMIC_DNS HTTP Request to a *.make .com .ar
Domain (info.rules)
2040319 - ET INFO DYNAMIC_DNS Query to a *.nedvighimost-sochi .ru
Domain (info.rules)
2040320 - ET INFO DYNAMIC_DNS HTTP Request to a *.nedvighimost-sochi
.ru Domain (info.rules)
2040321 - ET INFO DYNAMIC_DNS Query to a *.caminobooks .com Domain
(info.rules)
2040322 - ET INFO DYNAMIC_DNS HTTP Request to a *.caminobooks .com
Domain (info.rules)
2040323 - ET INFO DYNAMIC_DNS Query to a *.aintno .info Domain (info.rules)
2040324 - ET INFO DYNAMIC_DNS HTTP Request to a *.aintno .info
Domain (info.rules)
2040325 - ET INFO DYNAMIC_DNS Query to a *.iceage .com .my Domain (info.rules)
2040326 - ET INFO DYNAMIC_DNS HTTP Request to a *.iceage .com .my
Domain (info.rules)
2040327 - ET INFO DYNAMIC_DNS Query to a *.gilead .org .il Domain (info.rules)
2040328 - ET INFO DYNAMIC_DNS HTTP Request to a *.gilead .org .il
Domain (info.rules)
2040329 - ET INFO DYNAMIC_DNS Query to a *.qlbv .vn Domain (info.rules)
2040330 - ET INFO DYNAMIC_DNS HTTP Request to a *.qlbv .vn Domain (info.rules)
2040331 - ET INFO DYNAMIC_DNS Query to a *.vxe6 .net Domain (info.rules)
2040332 - ET INFO DYNAMIC_DNS HTTP Request to a *.vxe6 .net Domain
(info.rules)
2040333 - ET INFO DYNAMIC_DNS Query to a *.myhomedns .net Domain (info.rules)
2040334 - ET INFO DYNAMIC_DNS HTTP Request to a *.myhomedns .net
Domain (info.rules)
2040335 - ET INFO DYNAMIC_DNS Query to a *.beerprojects .com Domain
(info.rules)
2040336 - ET INFO DYNAMIC_DNS HTTP Request to a *.beerprojects .com
Domain (info.rules)
2040337 - ET INFO DYNAMIC_DNS Query to a *.linux70 .ru Domain (info.rules)
2040338 - ET INFO DYNAMIC_DNS HTTP Request to a *.linux70 .ru Domain
(info.rules)
2040339 - ET INFO DYNAMIC_DNS Query to a *.dropfiles .net Domain (info.rules)
2040340 - ET INFO DYNAMIC_DNS HTTP Request to a *.dropfiles .net
Domain (info.rules)
2040341 - ET INFO DYNAMIC_DNS Query to a *.womenclothingtoday .com
Domain (info.rules)
2040342 - ET INFO DYNAMIC_DNS HTTP Request to a *.womenclothingtoday
.com Domain (info.rules)
2040343 - ET INFO DYNAMIC_DNS Query to a *.8bit .ca Domain (info.rules)
2040344 - ET INFO DYNAMIC_DNS HTTP Request to a *.8bit .ca Domain (info.rules)
2040345 - ET INFO DYNAMIC_DNS Query to a *.gerastar .ru Domain (info.rules)
2040346 - ET INFO DYNAMIC_DNS HTTP Request to a *.gerastar .ru
Domain (info.rules)
2040347 - ET INFO DYNAMIC_DNS Query to a *.abatek .com Domain (info.rules)
2040348 - ET INFO DYNAMIC_DNS HTTP Request to a *.abatek .com Domain
(info.rules)
2040349 - ET MALWARE Observed DNS Query to
W32/Filecoder.KY!tr.ransom Domain (e4c0660414bf .eu .ngrok .io)
(malware.rules)
2040350 - ET MALWARE Observed DNS Query to
W32/Filecoder.KY!tr.ransom Domain (81 .59 .117 .34 .bc
.googleusercontent .com) (malware.rules)
2040351 - ET MALWARE Observed DNS Query to
W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1
.compute .amazonaws .com) (malware.rules)
2040352 - ET PHISHING Coinbase Credential Phish Landing Page
2022-11-29 (phishing.rules)
2040353 - ET INFO Observed DNS Query to Cryptocurrency Mining Pool
Domain (xmr .2miners .com) (info.rules)
2040354 - ET MALWARE Qakbot/Cobalt Strike Domain (jesofidiwi .com)
in DNS Lookup (malware.rules)
2040355 - ET MALWARE Qakbot/Cobalt Strike Domain (tevokaxol .com) in
DNS Lookup (malware.rules)
2040356 - ET MALWARE Qakbot/Cobalt Strike Domain (vopaxafi .com) in
DNS Lookup (malware.rules)
2040357 - ET MALWARE Qakbot/Cobalt Strike Domain (dimingol .com) in
DNS Lookup (malware.rules)
2040358 - ET HUNTING Powershell Get-ComputerInfo Output
(WindowsBuildLabEx) - Decimal Encoded (hunting.rules)
2040359 - ET HUNTING Microsoft Powershell Banner Output - Decimal
Encoded (hunting.rules)
2040360 - ET HUNTING Microsoft cmd.exe Banner Output - Decimal
Encoded (hunting.rules)

[---] Disabled and modified rules: [---]

2039766 - ET MALWARE SocGholish CnC Domain in DNS Lookup (rate
.coinangel .online) (malware.rules)

Date:
Summary title:
212 new OPEN, 212 new PRO (212 + 0) Continued DYNAMIC_DNS coverage, Cobalt Strike, and W32/Filecoder.KY!tr.ransom.