
Usage Policy


Every post in this blog is under:

Creative Commons Attribution version 4.0: This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.


Popular posts from this blog

Locked-In Ransomware - IOC - File Details

1) Ransomware Name - Locked-In

2) Encrypted Extensions - .novalid

3) Ransom note File -
RESTORE_CORUPTED_FILES.HTML
RESTORE_NOVALID_FILES.HTML

4) Encrypted Algorithm - AES-256

5) Decryptor Link - https://www.google.com/url?q=https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/&sa=D&ust=1505219068689000&usg=AFQjCNF9ioLcjI8uj-Oh5swSsBA9DBqXMw


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
MD5 b6ffac29f16e859b7aa8ab7f62b0bcef
SHA1 2eb0644345f4fbde656f316c7d9ce6866ec4335e
SHA256 8cc8125ce0cace7e1f090015a7a2e55aa0bbd06318a3f29c0a11cb6c85ad2264
ssdeep 768:L/1L41c/gaxme9hpfILteybyD1D9Hnfl9AtSy:L9LQOALMybyDJ9N9Aoy
authentihash e4ca172031e3b85a97b9ca031b97ec94c9d32d9e7cdb33a6349462c01130ead4
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 38.0 KB (38912 bytes)
File type Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

Hermes Ransomware - IOC - File Details

1) Ransomware Name - Hermes

2) Encrypted Extensions - NA

3) Ransom Note File -
DECRYPT_INFO.txt
DECRYPT_INFORMATION.html
UNIQUE_ID_DO_NOT_REMOVE - file containing the victim ID
hermes.exe
Reload.exe
system_.bat
shade.bat
shade.vbs

4) Encrypted Algorithm - AES

5) Decryptor Link - https://www.google.com/url?q=https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/&sa=D&ust=1504791164932000&usg=AFQjCNFF6L6BKQM0Gy3ludx8JBJ5nDRdiA

6) Screenshot -

7) Indicators of Compromise -
primary email: BM-2cXfK4B5W9nvci7dYxUhuHYZSmJZ9zibwH@bitmessage.ch
reserve email: x2486@india.com

8) File Details -
MD5 61075faba222f97d3367866793f0907b
SHA1 cc033c3bf41550563a180444b6166515faa53c3a
SHA256 059aab1a6ac0764ff8024c8be37981d0506337909664c7b3862fc056d8c405b0
ssdeep 1536:9+Gy5E9sg99CxI4dqFhTfLZ8Lb1WyHVviF9k6zeEkA5YaH88C5Wa/HR:D2E9R9sxfdiqLP1a9keeEkA5YA9afR
authentihash 2504f77bf5514730023a60626445ee71d8ee4e60c18ad92ea5c8f33efc5ed43d
imphash  ff847787dd14576ae2…

Apocalypse Ransomware - IOC

1) Ransomware Name - Apocalypse
2) Encrypted Extensions -
.encrypted
.SecureCrypted
.FuckYourData
.unavailable
.bleepYourFiles
.Where_my_files.txt
3) Ransom Note File - Decryption Instructions.tyt
4) Encrypted Algorithm - AES(256)
5) Decryptor Link - NA
6) Screenshots -

7) Indicators of Compromise -
decryptionservice@mail.ru
decryptservice@inbox.ru
recoveryhelp@bk.ru
ransomware.attack@list.ru
esmeraldaencryption@mail.ru
dr.compress@bk.ru

8) File Details -
MD5 e5369ac309f1be6d77afeeb3edab0ed8
SHA1 b7afd3c57b074109bf576b77b33d641fd8e87871
SHA256 478383fb588665c254d416b7c50a124f82291124b002d9bad9fd758a59fd728f
ssdeep 384:iX8Obeab6xAraECxkJ7PfXXqHbiqZZK09QmY1fTgT01p1MN/9bZYVJCrZWMMF:i3lvaEcktUic5imoYC0Z3OF
authentihash 5d764ee2d6355e2437a87a38510a6e83ddb52d976976d9e28300e2124583786c
imphash a2cd52cf31250cbc8e01c8c970423a4b
File size 18.0 KB (18432 bytes)
File type Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit