- #Shade #Troldesh #Ransomware
- ---------------------------------
- 17-01-2019 IOCs
- ---------------------------------
- Main object - "rasy.jpg"
- url http://epifaniacr.net/rasy.jpg
- sha256 cbcc00905b93912dc6c51fc8913e5a7d105f7cd4b98a7ffa7da1f0d2c4f172f5
- sha1 a3c6c1153952b9ed50db06fb0aed44b97454a142
- md5 5eed3d7625e01c2d1196f6ca6a0fefeb
- DNS requests
- domain whatsmyip.net
- domain whatismyipaddress.com
- Connections
- HTTP/HTTPS requests
- url http://whatismyipaddress.com/
- url http://whatsmyip.net/
- -----------------------------------------
- **RANSOMNOTE**
- -----------------------------------------
- All the important files on your computer were encrypted.
- To decrypt the files you should send the following code:
- 906D0F2E2F604F839E04|0
- to e-mail address Novikov.Vavila@gmail.com .
- Then you will receive all necessary instructions.
- All the attempts of decryption by yourself will result only in irrevocable loss of your data.
- If you still want to try to decrypt them by yourself please make a backup at first because
- the decryption will become impossible in case of any changes inside the files.
- If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!),
- use the feedback form. You can do it by two ways:
- 1) Download Tor Browser from here:
- https://www.torproject.org/download/download-easy.html.en
- Install it and type the following address into the address bar:
- http://cryptsen7fo43rr6.onion/
- Press Enter and then the page with feedback form will be loaded.
- 2) Go to the one of the following addresses in any browser:
- http://cryptsen7fo43rr6.onion.to/
- http://cryptsen7fo43rr6.onion.cab/