G0dR4p3

GandCrab_Ransomware IOCs_18-06-2018

Jun 18th, 2018
#GandCrab v3 #Ransomware #Trojan
----------------------------------------
18-06-2018 IOCs
----------------------------------------

Main object: "MOV_43.js"
sha256 60e96944d6505f77a4d865d3c5500f80547f4f3eb3f868b06ab62dfeb0b71e27
sha1 85c9cb7a8a8b78c28960e669d4f17c1e0dc44c9a
md5 f7bca1c9011e0e96d412c137bf71be1b
Dropped files
sha256 507de2042fa0289a5a39fc8f72ad4d1d27cca39f481db133bda2f689d380e105 C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\WLQBH2R9\1[1].pdf
sha256 046891cb3e3e56efe3ccae11833d23d27675a5f9b0d0fb24d6e280728f150d66 C:\Users\admin\AppData\Roaming\Microsoft\xzldbg.exe
DNS requests
domain www.torproject.org
domain carder.bit
domain ipv4bot.whatismyipaddress.com
domain ns1.wowservers.ru
domain yayasanarrisalah.com
Connections
ip 190.35.242.126
ip 66.171.248.178
ip 62.210.28.83
ip 78.40.139.73
ip 84.236.74.22
ip 138.201.14.197
ip 2.16.186.120
ip 152.199.19.161
ip 2.16.186.97
HTTP/HTTPS requests
url http://carder.bit/lferelf?s=owb
url http://carder.bit/eresee?score=er
url http://yayasanarrisalah.com/update.php
url http://carder.bit/
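The list above is free text, so it has to be parsed before it can be matched against anything. The following Python is an added example written for this page, not code from the paste's author: it turns the indicators above into typed objects, indexes them, and sweeps a handful of constructed DNS, proxy and EDR records for hits. The confidence tiers (the Tor download site and the external-IP checker are legitimate services the sample contacted, so a lone hit on them is context, not evidence; bare IPs may belong to CDNs fronting those sites) and the log formats are the editor's assumptions and are labelled as such in the code.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the list above (digests and paths exactly as the paste gives them).
IOC_TEXT = r"""
sha256 60e96944d6505f77a4d865d3c5500f80547f4f3eb3f868b06ab62dfeb0b71e27
sha1 85c9cb7a8a8b78c28960e669d4f17c1e0dc44c9a
md5 f7bca1c9011e0e96d412c137bf71be1b
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\WLQBH2R9\1[1].pdf 507de2042fa0289a5a39fc8f72ad4d1d27cca39f481db133bda2f689d380e105
sha256 C:\Users\admin\AppData\Roaming\Microsoft\xzldbg.exe 046891cb3e3e56efe3ccae11833d23d27675a5f9b0d0fb24d6e280728f150d66
domain www.torproject.org
domain carder.bit
domain ipv4bot.whatismyipaddress.com
domain ns1.wowservers.ru
domain yayasanarrisalah.com
ip 190.35.242.126
ip 66.171.248.178
ip 62.210.28.83
ip 78.40.139.73
ip 84.236.74.22
ip 138.201.14.197
ip 2.16.186.120
ip 152.199.19.161
ip 2.16.186.97
url http://carder.bit/lferelf?s=owb
url http://carder.bit/eresee?score=er
url http://yayasanarrisalah.com/update.php
url http://carder.bit/
"""

# Editor's triage tiers (an assumption, not stated in the paste): the Tor site and the
# external-IP checker are legitimate services the sample merely contacted, so a lone hit
# on them is context rather than evidence, and bare IPs may belong to CDNs fronting them.
LOW_CONFIDENCE = {"www.torproject.org", "ipv4bot.whatismyipaddress.com"}
DIGEST_LEN = {"sha256": 64, "sha1": 40, "md5": 32}

@dataclass(frozen=True)
class Indicator:
    kind: str        # sha256 | sha1 | md5 | domain | ip | url
    value: str
    confidence: str  # high | medium | low

def parse_iocs(text):
    """Turn the free-text list into Indicator objects; unrecognised lines are skipped."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, _, rest = line.partition(" ")
        if kind in DIGEST_LEN:  # dropped-file lines put a path beside the digest
            pat = r"(?<![0-9a-fA-F])[0-9a-fA-F]{%d}(?![0-9a-fA-F])" % DIGEST_LEN[kind]
            if m := re.search(pat, rest):
                out.append(Indicator(kind, m.group(0).lower(), "high"))
        elif kind == "domain":
            d = rest.lower()
            out.append(Indicator(kind, d, "low" if d in LOW_CONFIDENCE else "high"))
        elif kind in ("ip", "url"):  # URL paths are case-sensitive, so keep them as-is
            out.append(Indicator(kind, rest, "medium" if kind == "ip" else "high"))
    return out

class IocSet:
    """Index the indicators for lookups by digest, host name or IP, or full URL."""
    def __init__(self, indicators):
        def by(*kinds):
            return {i.value: i for i in indicators if i.kind in kinds}
        self.hashes, self.hosts, self.urls = by(*DIGEST_LEN), by("domain", "ip"), by("url")

    def match_hash(self, digest):
        return self.hashes.get(digest.lower())

    def match_host(self, host):
        """Exact IP/domain match, or a subdomain of a listed domain (x.carder.bit)."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            if hit := self.hosts.get(".".join(labels[i:])):
                return hit
        return None

    def match_url(self, url):
        """Full-URL match first, then fall back to the host part of the URL."""
        host = urlsplit(url).hostname
        return self.urls.get(url) or (self.match_host(host) if host else None)

# Constructed sample records in DNS, proxy and EDR styles; they are not from the paste.
SAMPLE_LOGS = [
    "2018-06-18T10:02:11Z dns client=10.0.0.5 q=carder.bit type=A rcode=NXDOMAIN",
    "2018-06-18T10:02:12Z dns client=10.0.0.5 q=ns1.wowservers.ru type=A rcode=NOERROR",
    "2018-06-18T10:02:14Z proxy client=10.0.0.5 GET http://carder.bit/lferelf?s=owb 200",
    "2018-06-18T10:02:15Z proxy client=10.0.0.5 GET https://www.torproject.org/ 200",
    "2018-06-18T10:03:01Z edr host=WS-17 file=xzldbg.exe sha256=046891CB3E3E56EFE3CCAE11833D23D27675A5F9B0D0FB24D6E280728F150D66",
    "2018-06-18T10:05:00Z dns client=10.0.0.9 q=www.example.com type=A rcode=NOERROR",
]

def sweep(lines, iocs):
    """Return (line, indicator) pairs for every record that touches a listed IOC."""
    hits = []
    for line in lines:
        hit = None
        if m := re.search(r"\bq=(\S+)", line):
            hit = iocs.match_host(m.group(1))
        elif m := re.search(r"\b(?:GET|POST)\s+(\S+)", line):
            hit = iocs.match_url(m.group(1))
        elif m := re.search(r"\bsha256=([0-9a-fA-F]{64})\b", line):
            hit = iocs.match_hash(m.group(1))
        if hit:
            hits.append((line, hit))
    return hits
```

Two caveats worth keeping in mind when using this list. First, `.bit` is a Namecoin top-level domain that does not exist in the public DNS root, so a normal resolver answers NXDOMAIN for `carder.bit`; the sample's query to `ns1.wowservers.ru` in the same list is consistent with it resolving the name through its own nameserver, which is why the sweep matches on the query name rather than on a successful resolution. Second, a hit on `www.torproject.org` or `ipv4bot.whatismyipaddress.com` alone only tells you a host visited a public service, so corroborate it with the `.bit` lookups, the URL paths, or the dropped-file hashes before calling an incident.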
------------------------------------------------
RANSOM NOTE:

---= GANDCRAB V3 =---

Attention!

All your files documents, photos, databases and other important files are encrypted and have the extension: .CRAB

The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:

0. Download Tor browser - https://www.torproject.org/
1. Install Tor browser
2. Open Tor Browser
3. Open link in TOR browser: http://gandcrab2pie73et.onion/b99ffda26b799fa
4. Follow the instructions on this page

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

The alternative way to contact us is to use Jabber messanger. Read how to:
0. Download Psi-Plus Jabber Client: https://psi-im.org/download/
1. Register new account: http://sj.ms/register.php
0) Enter "username": b99ffda26b799fa
1) Enter "password": your password
2. Add new account in Psi
3. Add and write Jabber ID: ransomware@sj.ms any message
4. Follow instruction bot

ATTENTION!
It is a bot! It's fully automated artificial system without human control!
To contact us use TOR links. We can provide you all required proofs of decryption availibility anytime. We are open to conversations.
You can read instructions how to install and use jabber here http://www.sfu.ca/jabber/Psi_Jabber_PC.pdf

CAUGHTION!

Do not try to modify files or use your own private key. This will result in the loss of your data forever!
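The note itself carries the fields a responder needs first: the family version, the extension appended to encrypted files, the victim-specific onion URL (whose last path component is reused as the Jabber username), and the Jabber contact. The Python below is an added example for this page, not code from the paste's author: it extracts those fields from a note body and triages a directory tree by counting files that carry the extension named in the note. The demo tree is constructed in a temp directory; no ransom note file name is assumed because the paste does not give one, so the scan recognises a note by its content instead. The misspelt "CAUGHTION!" marker is kept exactly as it appears above, since that is the string actually on disk.

```python
import os
import re
import tempfile  # only used to build the constructed demo tree

# Ransom note text as reproduced above, trimmed to the lines the parser relies on.
NOTE_TEXT = """---= GANDCRAB V3 =---

Attention!

All your files documents, photos, databases and other important files are encrypted and have the extension: .CRAB

3. Open link in TOR browser: http://gandcrab2pie73et.onion/b99ffda26b799fa

3. Add and write Jabber ID: ransomware@sj.ms any message

CAUGHTION!
"""

# Strings taken verbatim from the note; the misspelling is deliberate because it is
# what the note actually contains.
NOTE_MARKERS = ("---= GANDCRAB", "CAUGHTION!")

def parse_ransom_note(text):
    """Pull version, extension, onion URL, victim ID and Jabber contact out of a note.
    Fields that cannot be found come back as None."""
    def first(pat, flags=0):
        m = re.search(pat, text, flags)
        return m.group(1) if m else None
    return {
        "version": first(r"---=\s*GANDCRAB\s+(V\d+)\s*=---", re.I),
        "extension": first(r"have the extension:\s*(\.\w+)"),
        "onion_url": first(r"(http://[a-z2-7]{16,56}\.onion/\S*)"),
        "victim_id": first(r"http://[a-z2-7]{16,56}\.onion/([0-9a-f]+)"),
        "jabber_id": first(r"Jabber ID:\s*(\S+@\S+)"),
    }

def triage_tree(root, extension=None):
    """Walk a tree: parse every file whose head contains a note marker, then list the
    files carrying the ransom extension (taken from the first note unless given)."""
    notes, candidates = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(8192).decode("utf-8", "ignore")
            except OSError:
                continue
            if any(marker in head for marker in NOTE_MARKERS):
                notes.append((path, parse_ransom_note(head)))
            else:
                candidates.append(path)
    if extension is None and notes:
        extension = notes[0][1]["extension"]
    encrypted = [p for p in candidates
                 if extension and p.lower().endswith(extension.lower())]
    return {"extension": extension, "encrypted": encrypted, "notes": notes}

def build_demo_tree():
    """Constructed demo tree (not from the paste): two 'encrypted' files, one note,
    one untouched file. Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="gandcrab_demo_")
    os.makedirs(os.path.join(root, "docs"))
    files = {
        "docs/report.docx.CRAB": b"\x00" * 64,
        "docs/photo.jpg.CRAB": b"\x00" * 64,
        "docs/note.txt": NOTE_TEXT.encode(),
        "readme.md": b"nothing to see here\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(body)
    return root

if __name__ == "__main__":
    result = triage_tree(build_demo_tree())
    print(result["extension"], len(result["encrypted"]), "encrypted file(s)")
    for path, fields in result["notes"]:
        print(path, fields)
```

Reading the first 8 KB of every file is acceptable for a single host during triage; across a file server, restrict the walk to the affected shares or to the note's known file name once you have recovered it from the first infected host.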