Showing posts from September, 2017

LowLevel04 Ransomware - IOC - File Details

1) Ransomware Name - LowLevel04

2) Encrypted Extensions - oor.

3) Ransom Note File - help recover files.txt

4) Encrypted Algorithm - AES

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
entry122717@gmail.com
entry123488@india.com


8) File Details - NA

Lortok Ransomware - IOC - File Details

1) Ransomware Name - Lortok

2) Encrypted Extensions - .crime

3) Ransom Note File -  ВНИМАНИЕ_ОТКРОЙТЕ-МЕНЯ.txt

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA

Lomix Ransomware - IOC - File Details

1) Ransomware Name - Lomix

2) Encrypted Extensions - .encrypted

3) Ransom Note File -
.encrypted.original_file_extension
Important.encrypted.docx
README.txt
lomix.exe
<random>.exe

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - NA

8) File Details - NA

Lock93 Ransomware - IOC - File Details

1) Ransomware Name - Lock93

2) Encrypted Extensions - .lock93

3) Ransom Note File - ИНСТРУКЦИЯ INSTRUCTION.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
E-mail: oplaticydadeng@mail.ru
Reserve E-mail: zaplatiddeng@yandex.ru


8) File Details - NA

Locky Ransomware - IOC - File Details

1) Ransomware Name - Locky

2) Encrypted Extensions -
.locky
.zepto
.odin
.shit
.thor
.aesir
.zzzzz
.osiris
.DIABLO6

3) Ransom Note File -
_Locky_recover_instructions.txt
_Locky_recover_instructions.bmp
_HELP_instructions.txt
_HELP_instructions.bmp
_HOWDO_text.html
_WHAT_is.html
_INSTRUCTION.html
DesktopOSIRIS.(bmp|htm)
OSIRIS-[0-9]{4}.htm

4) Encrypted Algorithm - RSA-2048 and AES-128

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
xxxx://6dtxgqam4crv6rr6.tor2web.org/
xxxx://6dtxgqam4crv6rr6.onion.to/
xxxx://6dtxgqam4crv6rr6.onion.cab/
xxxx://6dtxgqam4crv6rr6.onion.link/
***6dtxgqam4crv6rr6.onion


8) File Details -
The size of the file is 3.8 KB (3879 bytes)
File Type Text
Description ASCII text, with very long lin…

LockLock Ransomware - IOC - File Details

1) Ransomware Name - LockLock

2) Encrypted Extensions - .locklock

3) Ransom Note File - READ_ME.TXT

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
locklockrs@aol.com
http://b1t.do/locklockrs
Skype : locklockrs
www.locklock.net  (200.63.45.76)
C2: locklock.net/tmp/savekey.php


8) File Details - NA

Locker Ransomware - IOC - File Details

1) Ransomware Name - Locker

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-32#entry3721545

6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA

Locked-In Ransomware - IOC - File Details

1) Ransomware Name - Locked-In

2) Encrypted Extensions - .novalid

3) Ransom Note File -
RESTORE_CORUPTED_FILES.HTML
RESTORE_NOVALID_FILES.HTML

4) Encrypted Algorithm - AES-256

5) Decryptor Link - https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The size of the file is 38.0 KB (38912 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

LLTP Locker Ransomware - IOC - File Details

1) Ransomware Name - LLTP Locker

2) Encrypted Extensions -
.ENCRYPTED_BY_LLTP
.ENCRYPTED_BY_LLTPp

3) Ransom Note File - LEAME.txt

4) Encrypted Algorithm - AES-256 + RSA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
xxxx://i.imgur.com/VdREVyH.jpg - screen-lock wallpaper image;
xxxx://moniestealer.co.nf/nran/gen.php - C&C server;
Email: LLTP@mail2tor.com


8) File Details -
The size of the file is 939.0 KB (961536 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly


LK Encryption Ransomware - IOC - File Details

1) Ransomware Name - LK Encryption

2) Encrypted Extensions - .locked

3) Ransom Note File -
READ_IT.txt
HELLO_FROM_HACKER.txt
password.txt
Encrypt.exe

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - xxxx://test.langkhach.org:7443/api/encrypt/

8) File Details -
The size of the file is 8.5 KB (8704 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (console) Intel 80386 Mono / .Net assembly


Linux.Encoder - IOC - File Details

1) Ransomware Name - Linux.Encoder

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - https://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/


6) Screenshot -

7) Indicators of Compromise - NA


8) File Details - NA

Lick Ransomware - IOC - File Details

1) Ransomware Name - Lick

2) Encrypted Extensions - .Licked

3) Ransom Note File - RANSOM_NOTE.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - NA

8) File Details - NA

LeChiffre Ransomware - IOC - File Details

1) Ransomware Name - LeChiffre

2) Encrypted Extensions - .LeChiffre

3) Ransom Note File - How to decrypt LeChiffre files.html

4) Encrypted Algorithm - NA

5) Decryptor Link - https://decrypter.emsisoft.com/lechiffre


6) Screenshot -



7) Indicators of Compromise - Email: lechiffre@india.com and lechiffre@mailchuck.com


8) File Details - NA

LanRan Ransomware - IOC - File Details

1) Ransomware Name - LanRan

2) Encrypted Extensions - NA

3) Ransom Note File -
@__help__@
lan.exe
<random>.exe

4) Encrypted Algorithm - AES / RSA, RSA-2048

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - Email: lanran-decrypter@list.ru

8) File Details -
The size of the file is 197.5 KB (202240 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly


LambdaLocker Ransomware - IOC - File Details

1) Ransomware Name - LambdaLocker

2) Encrypted Extensions - .lambda_l0cked

3) Ransom Note File -
READ_IT.hTmL
LambdaLocker.exe
baiduyunSimple.exe

4) Encrypted Algorithm - AES+RSA and SHA-256

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
lambdasquad.hl@yandex.com
HuoBi (火币,China): https://www.huobi.com/
BtcTrade (China): http://www.btctrade.com
OKCoin: https://www.okcoin.cn/
Bter: https://bter.com/
JuBi (聚币,China): http://www.jubi.com/
Btc100 (China): https://www.btc100.cn/
BTC-e: https://btc-e.com/
Bitstamp: https://www.bitstamp.net/
GDAX: https://www.gdax.com/
CEX: https://cex.io/


8) File Details -
The size of th…

KryptoLocker Ransomware - IOC - File Details

1) Ransomware Name - KryptoLocker

2) Encrypted Extensions - NA

3) Ransom Note File - KryptoLocker_README.txt

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA

KRider Ransomware - IOC - File Details

1) Ransomware Name - KRider

2) Encrypted Extensions - .kr3

3) Ransom Note File -
KRider.exe
<random>.exe

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The size of the file is 13.0 KB (13312 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly


KratosCrypt Ransomware - IOC - File Details

1) Ransomware Name - KratosCrypt

2) Encrypted Extensions - .kratos

3) Ransom Note File - README_ALL.html

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - kratosdimetrici@gmail.com


8) File Details - NA

Kraken Ransomware - IOC - File Details

1) Ransomware Name - Kraken

2) Encrypted Extensions - .kraken

3) Ransom Note File -
Kraken.exe
Kraken Decryptor.exe
_HELP_YOUR_FILES.html

4) Encrypted Algorithm - AES

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
krakenk811@gmail.com
kraken0@india.com
kraken@innocent.com

8) File Details - NA

Kozy.Jozy Ransomware - IOC - File Details

1) Ransomware Name - Kozy.Jozy

2) Encrypted Extensions - .31392E30362E32303136_[ID-KEY]_LSBJ1

3) Ransom Note File - w.jpg

4) Encrypted Algorithm - RSA(2048)

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise -
kozy.jozy@yahoo.com
unlock92@india.com


8) File Details - NA

Kostya Ransomware - IOC - File Details

1) Ransomware Name - Kostya

2) Encrypted Extensions - .kostya

3) Ransom Note File - NA

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - Extortionists' email: slothcbx@protonmail.com


8) File Details - NA

Korean Ransomware - IOC - File Details

1) Ransomware Name - Korean

2) Encrypted Extensions - .암호화됨

3) Ransom Note File - ReadMe.txt

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
http://www.torproject.org/projects/torbrowser.html.en
http://t352fwt225ao5mom.onion
http://2dasasfwt225dfs5mom.onion.city


8) File Details -
The size of the file is 96.5 KB (98816 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

Koolova Ransomware - IOC - File Details

1) Ransomware Name - Koolova

2) Encrypted Extensions - .encrypted

3) Ransom Note File -
Koolova_Ransomware.exe
Runsome.exe
<random>.exe

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The size of the file is 37.5 KB (38400 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly



Kirk Ransomware - IOC - File Details

1) Ransomware Name - Kirk

2) Encrypted Extensions - .Kirked

3) Ransom Note File - RANSOM_NOTE.txt

4) Encrypted Algorithm - AES+RSA

5) Decryptor Link - https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/


6) Screenshot -


7) Indicators of Compromise -
Active email addresses:
kirk.help@scryptmail.com
kirk.payments@scryptmail.com


8) File Details -
The file size is 5.5 MB (5756255 bytes)
Win32 EXE file type
Description PE32 executable for MS …

KimcilWare Ransomware - IOC - File Details

1) Ransomware Name - KimcilWare

2) Encrypted Extensions -
.kimcilware
.locked

3) Ransom Note File - README_FOR_UNLOCK.txt

4) Encrypted Algorithm - AES

5) Decryptor Link - https://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it


6) Screenshot -

7) Indicators of Compromise - tuyuljahat@hotmail.com


8) File Details - NA

KillerLocker Ransomware - IOC - File Details

1) Ransomware Name - KillerLocker

2) Encrypted Extensions - .rip

3) Ransom Note File - KillerLocker.exe

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - NA

8) File Details - NA

KillDisk Ransomware - IOC - File Details

1) Ransomware Name - KillDisk

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - AES(256) and RSA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - e-mail: vuyrk568gou@lelantos.org

8) File Details -
The size of the file is 172.0 KB (176128 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit



KEYHolder Ransomware - IOC - File Details

1) Ransomware Name - KEYHolder

2) Encrypted Extensions - NA

3) Ransom Note File -
how_decrypt.gif
how_decrypt.html

4) Encrypted Algorithm - RSA-2048

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise -
http://www.torproject.org/torbrowser.html.en
mwyigd4n52mkbyhe.onion


8) File Details - NA


KeyBTC Ransomware - IOC - File Details

1) Ransomware Name - KeyBTC

2) Encrypted Extensions -
keybtc@inbox_com
lblMain.txt
lbBitcoinInfoMain.txt
lbFinallyText.txt
<random_name>.exe

3) Ransom Note File -
DECRYPT_YOUR_FILES.txt
READ.txt
readme.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - https://decrypter.emsisoft.com/


6) Screenshot -

7) Indicators of Compromise -  john.perezzka@gmail.com


8) File Details - NA

KeRanger Ransomware - IOC - File Details

1) Ransomware Name - KeRanger

2) Encrypted Extensions - .encrypted

3) Ransom Note File - NA

4) Encrypted Algorithm - AES

5) Decryptor Link - http://news.drweb.com/show/?i=9877&lng=en&c=5


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA

KawaiiLocker Ransomware - IOC - File Details

1) Ransomware Name - KawaiiLocker

2) Encrypted Extensions - crypt_list

3) Ransom Note File - How Decrypt Files.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - https://safezone.cc/resources/kawaii-decryptor.195/


6) Screenshot -


7) Indicators of Compromise -
decrypt2016@yahoo.com
http://7476357288-0.myjino.ru/
http://81.177.139.161/
vssadmin delete shadows /for=C:\/all


8) File Details -
The size of the file is 444.5 KB (455168 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 …

Kasiski Ransomware - IOC - File Details

1) Ransomware Name - Kasiski

2) Encrypted Extensions - [KASISKI]

3) Ransom Note File -
INSTRUCCIONES.txt
wpm.jpg
kasiski.exe

4) Encrypted Algorithm - NA

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The size of the file is 14.0 MB (14648721 bytes)
Win32 EXE file type
Description PE32+ executable for MS Windows (console) Mono / .Net assembly

Karmen Ransomware - IOC - File Details

1) Ransomware Name - Karmen

2) Encrypted Extensions - .grt

3) Ransom Note File -
joise.exe
karmen.exe
n_karmen.exe

4) Encrypted Algorithm - NA

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The file size is 12.5 KB (12800 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly


Karma Ransomware - IOC - File Details

1) Ransomware Name - Karma

2) Encrypted Extensions - .karma

3) Ransom Note File -
# DECRYPT MY FILES #.html
# DECRYPT MY FILES #.txt

4) Encrypted Algorithm - AES

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise -
hxxp://windows-tuneup.com/web293/xUser.php
hxxp://karma2xgg6ccmupd.onion


8) File Details -
The size of the file is 258.0 KB (264192 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

Kangaroo Ransomware - IOC - File Details

1) Ransomware Name - Kangaroo

2) Encrypted Extensions - .crypted_file

3) Ransom Note File - filename.Instructions_Data_Recovery.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - Email: kangarooencryption@mail.ru


8) File Details -
The size of the file is 18.0 KB (18432 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit




Kaandsona Ransomware - IOC - File Details

1) Ransomware Name - Kaandsona

2) Encrypted Extensions - .kencf

3) Ransom Note File - NA

4) Encrypted Algorithm - AES

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The file size is 12.5 KB (12800 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

JohnyCryptor Ransomware - IOC - File Details

1) Ransomware Name - JohnyCryptor

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - NA

8) File Details - NA

Job Crypter Ransomware - IOC - File Details

1) Ransomware Name - Job Crypter

2) Encrypted Extensions -
.locked
.css

3) Ransom Note File -
Comment débloquer mes fichiers.txt
Readme.txt

4) Encrypted Algorithm - TripleDES

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise - NA


8) File Details - NA

Jigsaw Ransomware - IOC - File Details

1) Ransomware Name - Jigsaw

2) Encrypted Extensions -
.btc
.kkk
.fun
.gws
.porno
.payransom
.payms
.paymst
.AFD
.paybtcs
.epic
.xyz
.encrypted
.hush
.paytounlock
.uk-dealer@sigaint.org
.gefickt
.nemo-hacks.at.sigaint.org

3) Ransom Note File - NA

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The size of the file is 37.5 KB (38400 bytes)

Jhon Woddy Ransomware - IOC - File Details

1) Ransomware Name - Jhon Woddy

2) Encrypted Extensions - .killedXXX

3) Ransom Note File -
WindowsApplication1.exe
Receipt.exe

4) Encrypted Algorithm - NA

5) Decryptor Link - https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip


6) Screenshot -

7) Indicators of Compromise - NA


8) File Details -
The size of the file is 408.5 KB (418304 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

Jeiphoos Ransomware - IOC - File Details

1) Ransomware Name - Jeiphoos

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - RC6 (files), RSA 2048 (RC6 key)

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA

JapanLocker Ransomware - IOC - File Details

1) Ransomware Name - JapanLocker

2) Encrypted Extensions - JapanLocker

3) Ransom Note File - NA

4) Encrypted Algorithm - Base64 encoding, ROT13, and top-bottom swapping

5) Decryptor Link - https://github.com/fortiguard-lion/schRansomwareDecryptor/blob/master/schRansomwarev1_decryptor.php


6) Screenshot -


7) Indicators of Compromise - japanlocker@hotmail.com


8) File Details - NA

JagerDecryptor Ransomware - IOC - File Details

1) Ransomware Name - JagerDecryptor

2) Encrypted Extensions - !ENC

3) Ransom Note File -
Important_Read_Me.html
Important_Read_Me.txt

4) Encrypted Algorithm -
RSA-2048
AES-256

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise -
smartfiles9@yandex.com
xxxx://steamcards.xyz/ghzbvychhz/  - C2


8) File Details -
The file size is 2.0 MB (2052096 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

Jack.Pot Ransomware - IOC - File Details

1) Ransomware Name - Jack.Pot

2) Encrypted Extensions - .coin

3) Ransom Note File - RansomWare.exe

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
The file size is 3.4 MB (3610624 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

iRansom Ransomware - IOC - File Details

1) Ransomware Name - iRansom

2) Encrypted Extensions - .Locked

3) Ransom Note File -
iRansom.exe
iRansom_2_.exe

4) Encrypted Algorithm - AES

5) Decryptor Link - NA


6) Screenshot -


7) Indicators of Compromise -
BTC wallet ID: GALAXYHIREN@SIGAINT.ORG
https://support.coinbase.com
Wallet ID: 18Md4ne***


8) File Details -
The size of the file is 1.7 MB (1733120 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

International Police Association Ransomware - IOC - File Details

1) Ransomware Name - International Police Association

2) Encrypted Extensions - NA

3) Ransom Note File -
Build.exe
IAC.txt
locked.zip

4) Encrypted Algorithm - NA

5) Decryptor Link - http://download.bleepingcomputer.com/Nathan/StopPirates_Decrypter.exe


6) Screenshots -


7) Indicators of Compromise - NA


8) File Details -
The file size is 7.5 KB (7680 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

iLockLight Ransomware - IOC - File Details

1) Ransomware Name - iLockLight

2) Encrypted Extensions - .crime

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - NA

8) File Details - NA

iLock Ransomware - IOC - File Details

1) Ransomware Name - iLock

2) Encrypted Extensions - .crime

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - NA


8) File Details - NA