Skip to main content

Usage Policy


Every post in this blog is under:

Creative Commons Attribution version 4.0: This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Comments

Popular posts from this blog

Locked-In Ransomware - IOC - File Details

1) Ransomware Name - Locked-In

2) Encrypted Extensions - .novalid

3) Ransom note File -
RESTORE_CORUPTED_FILES.HTML
RESTORE_NOVALID_FILES.HTML

4) Encrypted Algorithm - AES-256

5) Decryptor Link - https://www.google.com/url?
q=https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/&sa=D&ust=1505219068689000&usg=AFQjCNF9ioLcjI8uj-Oh5swSsBA9DBqXMw


6) Screenshot -


7) indicators of Compromise - NA


8) File Details -
MD5 b6ffac29f16e859b7aa8ab7f62b0bcef
SHA1 2eb0644345f4fbde656f316c7d9ce6866ec4335e
SHA256 8cc8125ce0cace7e1f090015a7a2e55aa0bbd06318a3f29c0a11cb6c85ad2264
ssdeep768: L / 1L41c / gaxme9hpfILteybyD1D9Hnfl9AtSy: L9LQOALMybyDJ9N9Aoy
authentihash  e4ca172031e3b85a97b9ca031b97ec94c9d32d9e7cdb33a6349462c01130ead4
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 38.0 KB (38912 bytes)
Win32 EXE file type
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

Hermes Ransomware - IOC - File Details

1) Ransomware Name - Hermes

2) Encrypted Extensions - NA

3) Ransom Note File -
DECRYPT_INFO.txt
DECRYPT_INFORMATION.html
UNIQUE_ID_DO_NOT_REMOVE - файл с ID
hermes.exe
Reload.exe
system_.bat
shade.bat
shade.vbs

4) Encrypted Algorithm - AES

5) Decryptor Link - https://www.google.com/url?q=https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/&sa=D&ust=1504791164932000&usg=AFQjCNFF6L6BKQM0Gy3ludx8JBJ5nDRdiA

6) Screenshot -

7) Indicators of Compromise -
primary email: BM-2cXfK4B5W9nvci7dYxUhuHYZSmJZ9zibwH@bitmessage.ch
reserve email: x2486@india.com
8) File Details -
MD5 61075faba222f97d3367866793f0907b
SHA1 cc033c3bf41550563a180444b6166515faa53c3a
SHA256 059aab1a6ac0764ff8024c8be37981d0506337909664c7b3862fc056d8c405b0
ssdeep1536: 9 + Gy5E9sg99CxI4dqFhTfLZ8Lb1WyHVviF9k6zeEkA5YaH88C5Wa / HR: D2E9R9sxfdiqLP1a9keeEkA5YA9afR
authentihash  2504f77bf5514730023a60626445ee71d8ee4e60c18ad92ea5c8f33efc5ed43d
imphash  ff847787dd14576ae2…

LockLock Ransomware - IOC - File Details

1) Ransomware Name - LockLock

2) Encrypted Extensions - .locklock

3) Ransom Note File - READ_ME.TXT

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
locklockrs@aol.com
http://b1t.do/locklockrs
Skype : locklockrs
www.locklock.net  (200.63.45.76)
C2: locklock.net/tmp/savekey.php


8) File Details - NA