API tools faq
paste
Advertisement
G0dR4p3

(Scarab)_Ransomware_IOCs_11-01-2019

G0dR4p3
Jan 9th, 2019
467
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.12 KB | None | 0 0
raw download clone embed print report
  1. #Ransomware (#Scarab)
  2. -------------------------------
  3. 10-01-2019 IOC's
  4. -------------------------------
  5. Main object- "02dbf34b3426528f699f8ddb135e8026162078b5ae347d09fe36f04764931709.bin.gz"
  6. sha256 1b99e16f4ab4fdf221852a540a081bd7a7611f625470912e35898029805bc6e8
  7. sha1 d88a1b10dd2085b92be5cc2f2dae648d4bf30c2f
  8. md5 1e7275efddc646ea81f64052784a7827
  9. Dropped executable file
  10. sha256 C:\Users\admin\Desktop\02dbf34b3426528f699f8ddb135e8026162078b5ae347d09fe36f04764931709.bin.gz 02dbf34b3426528f699f8ddb135e8026162078b5ae347d09fe36f04764931709
  11.  
  12. ---------------------
  13. Contact Emails:
  14. xcv786@mail.ee
  15. xcv786@india.com
  16. xcv786@tutanota.co
  17. ----------------------
  18. appends .crypted034 to encrypted files.
  19.  
  20. ----------------------
  21. RANSOMNOTE
  22. ----------------------
  23. Your files are now encrypted!
  24.  
  25. Your personal identifier:
  26. 6A0200000000000056E7A6641D92C91180300C035B926FBBFFC6D830C30312CBBA9055DDB8F6CC4FE57BE167D733D6527372
  27. D1D7E1EB1DA76C5B46D7B37AE579F2B6CCBD0617FFC8682A463D67A5DAC94BD9D6ACE5F09259F386B5E957EEB13DA681BC43
  28. 4A64C4DBB70651E74D77A12BD37459A90D2F9322DA9DADE777DEE7E5BD3BA5D4C5356BCD73A33790C065C90C9A29DB66FD00
  29. CCF709C159A3AD72A76BF7F9C55EAECB1ABC418E73B69100962B0CF59C8FBCD0273E1135D362E86EB223AA7B48D5E290C463
  30. 3BDE32CCCD33807A3C81F38905EB23B913DA2DEEC4122AA8B12BD2C8888C7AE43A3AC176230C7941F6C9BE3393DB453C14B6
  31. 59CC1CB554711B81D1B859D4F90E41D1902D601C89E6C290E131478E541588C91515729AA9C2F9D1799BF157CC3DD26DD188
  32. C0BFB848051AD7989330ED386E6C66B3A105B5C47FB5F101
  33.  
  34. All your files have been encrypted due to a security problem with your PC.
  35.  
  36. Now you should send us email with your personal identifier.
  37. This email will be as confirmation you are ready to pay for decryption key.
  38. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
  39. After payment we will send you the decryption tool that will decrypt all your files.
  40.  
  41. Contact us using this email address: xcv786@mail.ee (xcv786@india.com, xcv786@tutanota.com)
  42. If you don't get a reply or if the email dies, then contact us using Bitmessage.
  43. Download it form here: https://github.com/Bitmessage/PyBitmessage/releases
  44. Run it, click New Identity and then send us a message at BM-2cVX9BfFbwjVZSi9jMPY22F6aeKMTny46y
  45.  
  46. Free decryption as guarantee!
  47. Before paying you can send us up to 3 files for free decryption.
  48. The total size of files must be less than 10Mb (non archived), and files should not contain
  49. valuable information (databases, backups, large excel sheets, etc.).
  50.  
  51. How to obtain Bitcoins?
  52. * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
  53. 'Buy bitcoins', and select the seller by payment method and price:
  54. https://localbitcoins.com/buy_bitcoins
  55. * Also you can find other places to buy Bitcoins and beginners guide here:
  56. http://www.coindesk.com/information/how-can-i-buy-bitcoins
  57.  
  58. Attention!
  59. * Do not rename encrypted files.
  60. * Do not try to decrypt your data using third party software, it may cause permanent data loss.
  61. * Decryption of your files with the help of third parties may cause increased price
  62. (they add their fee to our) or you can become a victim of a scam.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!