�� esetnod32.ru [��: �� ]

�� PRO32

Sun, 26 Jan 2025 21:39:25 +0300

�� PRO32 � �� .
�� ! � �� "�� ", �� . �� , �� , �� . �� ESET � �� . �� : https://forum.pro32.com/ ��!
26.01.2025 21:39:25, �� .

��-�� (.kasper)

Fri, 02 Aug 2024 10:14:16 +0300

��-�� (.kasper) PROXIMA/btc-azadi � �� .
��-�� (.kasper)
1CZDR_2024-08-02_11-29-37_v4.99.0v x64.7z
�� .zip
02.08.2024 10:14:16, �� ..

Lockbit v3 Black: *. 7nqxXHqux;

Sat, 04 May 2024 09:03:49 +0300

Lockbit v3 Black: *. 7nqxXHqux; � �� .
��. �� , �� . �� 7nqxXHqux.README.txt

��

[RU]
�� , �� : 0B1FEA045F37A6FA4A8AFE62212194C7A437AA6A91887575B037B874BDF2B2434C21DEC4666F
�� Tox ��: https://tox.chat/download.html
��.zip
04.05.2024 09:03:49, Kuim Yura.

�� m0r0kt34m@gmail.com

Fri, 02 Feb 2024 13:28:45 +0300

�� m0r0kt34m@gmail.com � �� .
�� , �� .
�� . � ��, �� .
�� !
crypt.rar
02.02.2024 13:28:45, �� .

�� Ouroboros/VoidCrypt. �� MRN

Wed, 16 Aug 2023 16:41:15 +0300

�� Ouroboros/VoidCrypt. �� MRN �� voidCrypt. �� RSA ��. �� .
�� . �� . � �� , �� VoidCrypt. �� , �� RSA. �� . �� , �� , �� . �� : rar � ��, � �� RSA. �� , �� (��, �� ), �� RSA (�� ), �� . �� -��, �� .
unlock-info.txt
�� .txt
decrypt.rar
16.08.2023 16:41:15, Macros macros.

�� .BLACK

Tue, 04 Apr 2023 18:12:27 +0300

�� .BLACK BlackHunt � �� .
�� BLACK HUNT

�� :

"As you can see we have penetrated your whole network due some critical network insecurities
All of your files such as documents, dbs and... Are encrypted and we have uploaded many important data from your machines,
and believe we us we know what should we collect.

However you can get your files back and make sure your data is safe from leaking by contacting us using following details :

Primary email :RyanRinse@mailfence.com

Secondary email(backup email in case we didn't answer you in 24h) :RyanRinse@firemail.de

Your machine Id : NISsdNg7kCd00XYU
use this as the title of your email

(Remember, if we don't hear from you for a while, we will start leaking data)"

�� , �� !

�� , �� ! =)
�� 1111.7z
04.04.2023 18:12:27, �� .

�� .EXTEN; .CROW; .MEOW; .PUTIN; .KREMLIN; .RUSSIA; LOCK2023; RCHAT; RUBEN; CRUST; met@n; GAZPROM

Sun, 12 Feb 2023 09:36:39 +0300

�� .EXTEN; .CROW; .MEOW; .PUTIN; .KREMLIN; .RUSSIA; LOCK2023; RCHAT; RUBEN; CRUST; met@n; GAZPROM �� Conti � �� .
�� *.EXTEN; *.CROW; *.MEOW; *.PUTIN; *.KREMLIN; *.RUSSIA; *.LOCK2023; *.RCHAT; *.RUBEN; *.CRUST; *.met@n; *.GAZPROM
-----------
�� *.PUTIN; *.KREMLIN; *.RUSSIA;
12.02.2023 09:36:39, santy.

�� *.hydra

Wed, 09 Nov 2022 17:39:45 +0300

�� *.hydra filecoder.hydra; theDMR � �� .
�� ?
files.zip
09.11.2022 17:39:45, �� .

�� .FISTING; .likeoldboobs; .Washedback; .Gachimuchi; .Horsefucker; .crxxx; .nigra; .x101

Thu, 14 Jul 2022 11:38:52 +0300

�� .FISTING; .likeoldboobs; .Washedback; .Gachimuchi; .Horsefucker; .crxxx; .nigra; .x101 Win32/Filecoder.NSF/SojusZ � �� .
�� , �� , � �� , �� 2022.
�� Cryakl.
�� RDP - 100%
�� .
https://mega.nz/file/j0IXSQYC#mh4SPmRNFkSIX2qBExyIy-t8tE-VM1rBJw6NVYvuFHc

ELC_Logs
https://mega.nz/file/jgpngTab#B69BwGXfYKHKXKStZAKZ5oRfdO36cJkjin-eiCgpwJ4

�� , �� .

��

��
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ==================================================================================================== To receive the private key and decryption program follow the instructions below: 1. Write to our skype - Dungeon Masters Decryption Also you can write ICQ live chat which works 24/7 @DUNGEONMASTERS Install ICQ software on your PC https://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ Write to our ICQ @DUNGEONMASTERS https://�/icq.im/DUNGEONMASTERS 2. Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of them We respect your time and waiting for respond from your side tell your MachineID: 345132855D and LaunchID: 3eec70e412 ====================================================================================================

��

14.07.2022 11:38:52, �� .

��

Mon, 17 Jan 2022 11:15:13 +0300

�� .
1. ��, ��, � �� ESET.

2. ��

�Crypted� (�� , �� )

� �� - 10 �� MS Office (.doc, .xls, .ppt ��) �� , �� Windows (��, C:\��\��\��\�� \��.jpg), �� - 5 ��.

�Filecoder� (�� -�� /�� (*.html, *.hta, *.txt �� ), � �� infected )

�� (�� ) �� , �� . � �� , �� , �� ("�� ") � �� : *.exe >> *.vexe; *.hta>> *.vhta; *.txt >>.vtxt.
�� , ��, 7-zip � �� .
http://www.7-zip.org/a/7z1510.exe - �� 32 - � �� .
http://www.7-zip.org/a/7z1510-x64.exe - �� 64 - � �� .

"ess_logs.zip" (�� ESETLogCollector)

�� ESET Log Collector �� :
https://download.eset.com/com/eset/tools/diagnosis/log_collector/latest/esetlogcollector.exe

�� ELC ��, �� :
�� . �� ESET Log Collector �� (�� "�� ").

� �� "�� ESET" �� "�� " � �� . �� , �� , �� , �� "ess_logs.zip". �� , �� "...". �� . �� 20��, �� , � �� .

"SysVulnCheck_out.zip" (��, �� ESETSysVulbCheck)

�� ESETSysVulnCheck[/B] �� (�� IE)
https://ftp.eset.sk/samples/svchecker/ESETSysVulnCheck.exe

� �� . �� , �� , �� - �� "SysVulnCheck_out.zip". �� .

-------------------------------

3. �� :

http://www.esetnod32.ru/support/knowledge_base/solution/?IBLOCK_ID=53&SECTION_ID=1782&ELEMENT_ID=853007
17.01.2022 11:15:13, santy.

�� .ps1wek

Fri, 14 Jan 2022 13:27:58 +0300

�� .ps1wek Hakbit � �� .
�� ?
14.01.2022 13:27:58, �� .

�� .Loki; .Blackbit

Thu, 13 Jan 2022 13:14:17 +0300

�� *.Loki; *.Blackbit Loki.Locker � �� .
��.

�� . �� , �� , �� .
��, ��!!!
�� : �� . �� USB. �� . �� - ��. � �� .
�� -�� - �� .
Restore-My-Files.txt
�� - ��.rar
13.01.2022 13:14:17, �� .

�� .MUST; .GanP; .CLEAN; .c0v; .JRB; .dts; .TCYO; .6ix9; .RZA; .RME; .yUixN; .nomad; .MOON; .chld; .WOLF; .NaS; .lsas; .MS; .WORM; .NEEH; .Deeep; .DC; .Xqxqx; .C1024; .ver; .RED; .bmo; .MTX; .cip: .Bl; .kl

Sun, 26 Dec 2021 08:31:20 +0300

�� .MUST; .GanP; .CLEAN; .c0v; .JRB; .dts; .TCYO; .6ix9; .RZA; .RME; .yUixN; .nomad; .MOON; .chld; .WOLF; .NaS; .lsas; .MS; .WORM; .NEEH; .Deeep; .DC; .Xqxqx; .C1024; .ver; .RED; .bmo; .MTX; .cip: .Bl; .kl Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
��, �� Crysis, �� :

1. �� , �� ;
2. �� ;
3. �� ;
4. �� RDP;
5. �� (�� 3389) �� RDP;
6. �� , ��
7. �� , ��
8. �� (�� ), �� VPN ��, �� IP (�� );

�� CrySis/Dharma, �� :

====quote====
cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; .LOG; .1dec; .xati; .GET; .Back; .Aim; .get; .abc; .rec; .NW24; .gtf; .cl; .gold; .eur; .blm; .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help; .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman; .ORAL; .Jessy; .ROG; .biden; .eofyd; .duk; .LAO; .pirat; .liz; .bqd2; .4o4; .ctpl; .error; .zphs; .2122; .HPJ; .bdev; .eye; .root; .rdp; .DELTA; .PARTY; .cnc; .ZIG; .xcss; .nmc; .ZEUS; .OFF; .PcS; .pause; .myday; .grej; .DT; .dance; .TOR; .MUST; .GanP; .CLEAN; .c0v; .JRB; .dts; .TCYO; .6ix9; .RZA; .RME; .yUixN; .nomad; .MOON; .chld; .WOLF; .NaS; .lsas; .MS; .WORM; .NEEH; .Deeep; .DC; .Xqxqx; .C1024; .ver; .RED; .bmo; .MTX; .cip: .Bl; .kl
=============

26.12.2021 08:31:20, santy.

�� .LIZARD; .DoNotWorry; .SUMMON

Wed, 30 Jun 2021 09:16:06 +0300

�� .LIZARD; .DoNotWorry; .SUMMON Filecoder.Flamingo/DMR/Trojan.Encoder.32508 � �� .

�� .

�� , �� .

�� ?

�� . �� "��".

�� .

11VK 300X1000.zip
#ReadThis.TXT
30.06.2021 09:16:06, �� .

�� .ORAL; .Jessy; .ROG; .biden; .eofyd; .duk; .LAO; .pirat; .liz; .bqd2; .4o4; .ctpl; .error; .zphs; .2122; .HPJ; .bdev; .eye; .root; .rdp; .DELTA; .PARTY; .cnc; .ZIG; .xcss; .nmc; .ZEUS; .OFF; .PcS; .pause; .myday; .grej; .DT

Wed, 21 Apr 2021 13:49:28 +0300

�� .ORAL; .Jessy; .ROG; .biden; .eofyd; .duk; .LAO; .pirat; .liz; .bqd2; .4o4; .ctpl; .error; .zphs; .2122; .HPJ; .bdev; .eye; .root; .rdp; .DELTA; .PARTY; .cnc; .ZIG; .xcss; .nmc; .ZEUS; .OFF; .PcS; .pause; .myday; .grej; .DT Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� CrySis/Dharma, �� :

====quote====
cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; .LOG; .1dec; .xati; .GET; .Back; .Aim; .get; .abc; .rec; .NW24; .gtf; .cl; .gold; .eur; .blm; .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help; .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman; .ORAL; .Jessy; .ROG; .biden; .eofyd; .duk; .LAO; .pirat; .liz; .bqd2; .4o4; .ctpl; .error; .zphs; .2122; .HPJ; .bdev; .eye; .root; .rdp; .DELTA; .PARTY; .cnc; .ZIG; .xcss; .nmc; .ZEUS; .OFF; .PcS; .pause; .myday; .grej; .DT; .dance; .TOR
=============

21.04.2021 13:49:28, santy.

Clop: �� - ��, �� -ransomware

Wed, 24 Feb 2021 06:51:38 +0300

Clop: �� - ��, �� -ransomware � �� .
�� -�� . �� -�� Clop, �� ZDNet ��, �� .

�� , � ��, � �� -�� , �� , �� .

�� -�� Clop?

Clop �� 2019 �� Cryptomix, �� . � �� 2020 �� , �� 20 �� . ��, �� Software AG, �� . � �� Clop �� , �� , �� Dark Web-�.

��

�� - �� , �� .

�� , �� .

��

�� -�� . �� , �� , �� .

�� , �� RDP. �� , ��, ��, �� , �� , �� -�� .

��

�� -�� . � �� . �� -�� . �� , �� .

�� Ransom.Maze, �� Egregor � Ransom.Clop, �� .

��

� �� . �� . �� 2021 ��, �� RagnarLocker �� , �� -��.

�� -�� (��), �� , � �� -��, �� . ��-�� -�� .

��

� �� 2021 �� -�� RegretLocker, �� (VHD). �� , � �� . �� VHD, �� (� �� , �� ) ��-�� .

RegretLocker �� , �� , �� . �� , ��-�� VHD � �� , �� . �� , �� VHD.

��

��-�� . ��, ��-�� Clop �� 663 �� Windows (�� ) � �� , �� .

�� , �� , �� . �� .

�� ?

�� , �� Clop �� -�� .

�� , �� , �� . �� .

Clop �� , �� , �� . ��, ��, ��, �� , �� (�, ��, �� ) �� . �� , �� (BEC).

�� , IOC � �� Clop �� Ransom.Clop.

https://blog.malwarebytes.com/malwarebytes-news/2021/02/clop-targets-execs-ransomware-tactics-get-another-new-twist/
24.02.2021 06:51:38, santy.

�� .repter; .FONIX; .XINOF; .Eking; .RYK; .RYKCRYPT

Fri, 19 Feb 2021 12:33:04 +0300

�� .repter; .FONIX; .XINOF; .Eking; .RYK; .RYKCRYPT Filecoder.FONIX � �� .
�� : .repter �� .
https://id-ransomware.blogspot.com/2020/06/fonixcrypter.html
---------
encode_files.rar
How To DecryptFiles.rar
19.02.2021 12:33:04, santy.

�� .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman

Fri, 15 Jan 2021 16:18:10 +0300

�� .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� CrySis/Dharma, �� :

====quote====
.cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; .LOG; .1dec; .xati; .GET; .Back; .Aim; .get; .abc; .rec; .NW24; .gtf; .cl; .gold; .eur; .blm; .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help; .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman
=============

15.01.2021 16:18:10, santy.

�� .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help

Fri, 09 Oct 2020 15:35:47 +0300

�� .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� CrySis/Dharma, �� :

====quote====
.cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; .LOG; .1dec; .xati; .GET; .Back; .Aim; .get; .abc; .rec; .NW24; .gtf; .cl; .gold; .eur; .blm; .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help
=============

09.10.2020 15:35:47, santy.

�� Ransomware �� Windows

Mon, 05 Oct 2020 16:22:31 +0300

�� Ransomware �� Windows � �� .
�� -��, �� , �� Microsoft vssadmin.exe,

�� Windows �� .

�� , �� .

�� -�� , �� , �� , �� , - �� .

�� - �� vssadmin.exe:

====code====

vssadmin delete shadows /all /quiet

=============
�� -�� Raccine

� �� -�� Raccine, �� vssadmin.exe.

�� , �� -�� vssadmin. ��, �� ? �� , - �� Raccine �� GitHub.

Raccine �� raccine.exe � �� vssadmin.exe � �� Windows � �� .

�� raccine.exe � �� vssadmin.exe �� Raccine, �� , �� vssadmin �� .

�� , �� vssadmin delete�, �� , �� , �� -�� .

�� -��, �� -�� , �� .

====code====

Get-WmiObject Win32_Shadowcopy | ForEach-Object {$ _. Delete ();}
WMIC.exe shadowcopy ������� / nointeractive

=============

�� Raccine � �� , �� vssadmin.exe. �� .

�� , �� Raccine �� , �� vssadmin.exe �� .

�� Raccine, �� .

�� Raccine

�� Raccine, �� :

�� Raccine.exe � �� , �� C: \ Windows.
raccine-reg-patch.reg � �� . �� , �� .

Raccine �� vssadmin.exe, �� .

�� , �� Raccine �� , �� , �� , �� raccine-reg-patch-uninstall.reg � �� C: \ windows \ raccine.exe.

�� Raccine �� , �� vssadmin.exe.

https://www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/
----------
�� 0.4.1
https://github.com/Neo23x0/Raccine/releases
05.10.2020 16:22:31, santy.

�� .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx;

Mon, 15 Jun 2020 09:05:17 +0300

�� .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� !
�� , �� .

-----------
��, �� Crysis, �� :

1. �� , �� ;
2. �� ;
3. �� ;
4. �� RDP;
5. �� (�� 3389) �� RDP;
6. �� , ��
7. �� , ��
8. �� (�� ), �� VPN ��, �� IP (�� );

�� CrySis/Dharma, �� :

====quote====

.cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; .space; .BOMBO; .ONE; .act; .pgp; .FRM; .wch; .club; .dr; .hack; .HCK; .r3f5s; .bad; hlpp; base; .HOW; .team; .credo; .lxhlp; .NHLP; .gyga; .bmtf; .prnds; .teamV; .GNS; .felix; .null; smpl; .rxx; .data; .homer; HAT; .tcprx; .LOG; .1dec; .xati; .GET; .Back; .Aim; .get; .abc; .rec; .NW24; .gtf; .cl; .gold; .eur; .blm
=============

15.06.2020 09:05:17, santy.

�� .Lazarus; Lazarus+; .Angus; .Skynet; .Kronos; .Void; .mifr; .onion; Spade; crypter; .RTX; .ADA; .gts; .help; .Iwan; .killer; .lama; .professor; .zxc; solo; .PAY; MrWhite; .rar; RYKCRYPT; .MRN

Thu, 04 Jun 2020 08:36:29 +0300

�� .Lazarus; Lazarus+; .Angus; .Skynet; .Kronos; .Void; .mifr; .onion; Spade; crypter; .RTX; .ADA; .gts; .help; .Iwan; .killer; .lama; .professor; .zxc; solo; .PAY; MrWhite; .rar; RYKCRYPT; .MRN VoidCrypt/Filecoder.Ouroboros � �� .
�� . �� VOID.�� 1.cer.[decoderma@tutanota.com][ID-CJ32FSXI7OR4QA8].Void
04.06.2020 08:36:29, �� .

�� !Ecryptedd

Sun, 10 May 2020 08:25:37 +0300

�� !Ecryptedd � �� .
�� . �� !Ecryptedd
10.05.2020 08:25:37, �� .

�� .rhino

Fri, 17 Apr 2020 08:14:55 +0300

�� .rhino Rhino; r/n: info.hta/ReadMe_Decryptor.txt � �� .
�� -�� , �� . ��, ��. �� .
SERVER_2020-04-17_09-50-52_v4.1.8.7z
fixes447.txt.[generalchin@countermail.com].7z
17.04.2020 08:14:55, �� .

Cryakl/CryLock - �� "�� "

Tue, 31 Mar 2020 10:14:46 +0300

Cryakl/CryLock - �� "�� " � �� .
�� Cryakl �� securelist.ru � �� 2014 ��.

====quote====
� �� -��, �� . �� -�� . �� , � �� 29 �� , �� . �� , � �� , ��:

- �� ,
- MD5-�� ,
- �� -�� ,
- ID ��,
- �� ,
- �� {CRYPTENDBLACKDC}.
=============

�� , Cryakl �� 2014 ��

�� :
ver-4.0.0.0
�� :
gpgsh378.zip.id-{SXDJPVBHMSYDJPVAGMRXCINTZFKQWBHNTYEK-28.01.2015 13@18@508370589}-email-masfantomas@aol.com-ver-4.0.0.0.cbf

�� :

email-masfantomas@aol.com
email-HELPFILEDESKRIPT111@GMAIL.COM
email-helpdecrypt@gmail.com
email-helpdecrypt123@gmail.com
email-deskripshen1c@gmail.com
email-deskr1000@gmail.com
email-mserbinov@onionmail.in
email-vernutfiles@gmail.com
email-base1c1c1c@gmail.com

�� :

�� HKLM\Software\Microsoft\Windows\CurrentVersion\Run\progrmma
progrmma C:\Program Files\temp\WINRAR.EXE

ver-6.1.0.0
�� :
qyfmtbhovbipwcjpxdkqxdlrzfmsag.nub.id-{EJPUBGLRXCINTYEJPUAFLQWBHMSYDIOUZEKQ-12.03.2015 11@22@168550646}-email-moshiax@aol.com-ver-6.1.0.0.b.cbf

�� :

email-moshiax@aol.com
email-mserbinov@aol.com
email-watnik91@aol.com
email-vpupkin3@aol.com

��, ��
�� :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\progrmma
C:\Program Files\1\svchost.exe

ver-8.0.0.0
�� :
iqxeltzgoubiqwdkryfmtahowcjqxe.lta.id-{ZFKPWCHMSYDJPUZFLQVBHMSYDJOUAFKQWBHM-30.03.2015 12@49@155029625}-email-moshiax@aol.com-ver-8.0.0.0.cbf

�� :

email-moshiax@aol.com
email-watnik91@aol.com

�� :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\progrmma
C:\Program Files\xexe\info.exe

ver-CL 0.0.1.0

�� :
email-mserbinov@aol.com.ver-CL 0.0.1.0.id-SBGKPTXBEIMPUYBFJMQUYCFJNQVZCGJNRVZD-05.05.2015 23@58@548191739.randomname-DJNRWAEJNQUYBFJNRVYCGKOSWZDHLP.TXB.cbf

�� :

email-mserbinov@aol.com
d_madre@aol.com
trojanencoder@aol.com
iizomer@aol.com

�� :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pr
C:\Program Files\monitor.exe

ver-CL 1.0.0.0

�� :
email-cryptolocker@aol.com.ver-CL 1.0.0.0.id-NTZXEKPVBHMSYDIOUZFLRWCHNSYEJPVBGLRX-15.07.2015 13@36@284834316.randomname-HGCVMANYIQXEKPUXBDGIKMNPQRSTTU.UUV.cbf
��, �� .

�� :

email-gerkaman@aol.com
email-Seven_Legion2@aol.com
email-gcaesar2@aol.com
email-Igor_svetlov2@aol.com
email-ninja.gaiver@aol.com
email-bekameka777@aol.com
email- last.centurion@aol.com
email-a_princ@aol.com
email-Cryptolocker@aol.com
email-ivanov34@aol.com
email-vpupkin3@aol.com
email-oduvansh@aol.com
email-trojanencoder@aol.com
email-iizomer@aol.com
email-moshiax@aol.com
email-load180@aol.com
email-watnik91@aol.com

�� :

��: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pr
C:\Program Files\simpleinf.exe

ver-CL 1.0.0.0u

�� :

�� :

email-iizomer@aol.com
email-cryptolocker@aol.com_graf1
email-cryptolocker@aol.com_mod
email-byaki_buki@aol.com_mod2

ver-CL 1.1.0.0

�� :
email-eric.decoder10@gmail.com.ver-CL 1.1.0.0.id-TBHMTZDJPVAFLRWCHNSYEJOUAFKQWBHMSYDI-06.08.2015 14@39@447462257.randomname-MSYEKQWBHMSXDJPTZFLQWCHMSYDJPU.AGM.cbf
�� :

email-hontekilla@india.com
email-gerkaman@aol.com
email-oduvansh@aol.com
eric.decoder10@gmail.com
email-trojanencoder@aol.com
email-watnik91@aol.com
seven_legin2@aol.com
email-obamausa7@aol.com
email-gcaesar2@aol.com

�� :

��: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pr
C:\Program Files\1C\�� .exe

ver-CL 1.2.0.0

�� :
email-trojanencoder@aol.com.ver-CL 1.2.0.0.id-YELRXEJPWBHOTZFLRXDJPUBHMTZELRWCKQWC-29.04.2016 17@04@497267438.randomname-HOUASYEKQWDIOUAGMSZEKRWCJOUAGN.SZF.cbf

�� :

email-anton_ivanov34@aol.com
email-trojanencoder@aol.com
email-iizomer@aol.com
email-ivan_fedorov16@aol.com
!email-cryptoloker@aol.com
email-zed.zorro1@aol.com
email-fedor_pavlov13@yahoo.com
email-agent.vayne@india.com
email-moshiax@aol.com
! email-oduvansh@aol.com
email-gcaesar2@aol.com
email-crypt.cryptor@aol.com
email-age_empires@ aol.com

�� :

��: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pr
C:\Program Files\service.exe

ver-CL 1.3.0.0
�� :
email-moshiax@aol.com.ver-CL 1.3.0.0.id-WCHMSXBGLPUZEJOTYDHMRWBFKPUZEINSXCHM-24.05.2016 20@08@033014428.randomname-AKPUUAFKPUZEINSXCHMRWAFKPUZDIN.TXC.cbf
�� :

email-moshiax@aol.com
cryptolocker@aol.com

�� :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sopropool
C:\Program Files\tr.exe

ver-CL 1.3.1.0

�� :

�� :

byaki_buki@aol.com_grafdrkula@gmail.com
email-byaki_buki@aol.com
email-iizomer@aol.com
email-crypthelp@qq.com
email-tapok@tuta.io
email-iizomer.iizomer@yandex.ru_iizomer@aol.com
email-v_pupkin@aol.com
email-mortalis_certamen@aol.com
email-salazar_slytherin10@yahoo.com
email-200usd@india.com
email-eugene_danilov@yahoo.com
...

�� :

�� HKLM\Software\Microsoft\Windows\CurrentVersion\Run\00F5-A4D1
00F5-A4D1 C:\Program Files\WinRar\��.exe

fairytail (CL 1.4.0.0, CL 1.4.1.0, CL 1.5.0.0)

�� :

email-blackdragon43@yahoo.com.ver-CL 1.4.0.0.id-3908370012-23.03.2018 10@01@539726651.fname-�� .jpg.fairytail

�� :

email-blackdragon43@yahoo.com
email-hola@all-ransomware.info

�� :

HKEY_USERS\S-1-5-21-1417001333-1004336348-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\3908370012
C:\DOCUME~1\user\LOCALS~1\Temp\bd.exe

doubleoffset (CL 1.5.1.0)

�� :
email-blackdragon43@yahoo.com.ver-CL 1.5.1.0.id-1747396157-41244152820380734004031.fname-�� .jpg.doubleoffset

�� :

email-3nity@tuta.io
email-butterfly.iron@aol.com
email-n_nightmare@yahoo.com
email-vally@x-mail.pro
email-blackdragon43@yahoo.com
email-dorispackman@tuta.io
email-hola@all-ransomware.info
email-coolguay@tutanota.com
email-biger@x-mail.pro
email-tapok@tuta.io
email-komar@tuta.io

�� :
HKEY_USERS\S-1-5-21-1645522239-854245398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\1747396157
C:\DOCUME~1\user\LOCALS~1\Temp\XEKOVAFKPT.exe

CS 1.6.0.0

�� :

�� :

email-sugarman@tutamail.com
email-3nity@tuta.io
email-mr.yoba@aol.com

CS 1.7.0.1
�� :
desktop.ini[CS 1.7.0.1][opensafezona@protonmail.com].git
�� :

opensafezona@protonmail.com

CS 1.8.0.0
�� :
branding.xml[grand@horsefucker.org][2094653670-1579267651].whv
�� :

graff_de_malfet@protonmail.ch
grand@horsefucker.org
tomascry@protonmail.com

CryLock 1.9.0.0

��

sample_bytes: [0x3472F - 0x3473D] 0x7B454E4352595054454E4445447D

https://id-ransomware.malwarehunterteam.com/identify.php?case=5e55ddb65eac5f52e424de270004ffeeef08563f

�� :
VTS_01_0.BUP[reddragon3335799@protonmail.ch][special].[10ABB6A7-867BCEF7]

�� :

reddragon3335799@protonmail.ch
graff_de_malfet@protonmail.ch
coronovirus@protonmail.com
31.03.2020 10:14:46, santy.

�� .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB;

Mon, 16 Mar 2020 11:02:25 +0300

�� .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB; Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� !
�� , �� .

-----------
��, �� Crysis, �� :

1. �� , �� ;
2. �� ;
3. �� ;
4. �� RDP;
5. �� (�� 3389) �� RDP;
6. �� , ��
7. �� , ��
8. �� (�� ), �� VPN ��, �� IP (�� );

�� CrySis/Dharma, �� :

====quote====

.cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; '.GTF; .Mark; .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB;
=============

rem.rar
16.03.2020 11:02:25, �� .

Crysis: ��

Sun, 15 Mar 2020 06:44:22 +0300

Crysis: ��  � �� .
�� . � �� , �� (WannaCry �� NotPetya), �� . �� , �� , �� .

�� λ, �� , �� , �� ; �� , �� . �� , �� , �� , �� (SOC).

�� , �� , �� , �� , �� (PARINACOTA), �� Dharma � �� .

�� PARINACOTA, �� , � �� , �� (RDP), � �� brute forces �� . �� . ��, �� . � �� Active Directory (AD), �� , �� .

�� brute forces RDP, �� Samas (SamSam). �� , �� GandCrab, MegaCortext, LockerGoga, Hermes � RobbinHood, �� .

�� , �� , �� RDP 3389. �� , �� , �� Masscan.exe, �� .

�� , �� , �� NLbrute.exe �� ForcerX, �� , �� admin�, �administrator�, �guest� �� test�. �� . �� , �� , �� RDP �� . �� , �� , �� , �� . ��, �� , �� .

�� ZIP-��, �� , ��, �� , �� . � �� wevutil.exe, � �� , �� . �� SYSTEM, �� , �� CVE, �� , �� Sticky Keys�.

�� LSASS, �� , �� Mimikatz � ProcDump, �� , �� . �� PARINACOTA �� . �� -��, �� findstr.exe �� cookie, �� .

PARINACOTA �� , �� , � �� :

�� .bat �� .reg �� RDP

�� .

�� .

�� , PARINACOTA �� , �� Process Hacker, �� . �� ; �� , �� massmail.exe �� -��, � �� . �� , �� , �� .

�� :

�� HTA (�� hta) � �� (ASEPs), �� .
�� , �� .
�� , �� .

PARINACOTA �� Monero �� , �� , � �� .

https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/
15.03.2020 06:44:22, santy.

�� Cryakl CS 1..

Tue, 28 Jan 2020 11:46:25 +0300

�� Cryakl CS 1.*.* Filecoder.EQ/Encoder.567/Cryakl � �� .
�� . �� . �� . �� . https://www.sendspace.com/file/eo6da7
28.01.2020 11:46:25, �� .

�� .rsa; .kr; .ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; .GTF; .Ma

Thu, 21 Nov 2019 05:56:53 +0300

�� .rsa; .kr; .ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; .GTF; .Ma Filecoder.Crysis / Encoder.3953 /Ransom.Win32.Crusis; r/n: info.hta � �� .
�� CrySis/Dharma, �� :

====quote====
.cesar; .arena; .cobra; .java; .write; .arrow; .bip; .cmb/.combo; .brrr; .gamma; .monro; .bkp; .btc; .bgtx; .boost; .waifu; .FUNNY; .betta; .vanss; .like; .gdb; .xxxxx; .adobe; .tron; .AUDIT; .cccmn; .back; .Bear; .fire; .myjob; .war; .risk; .bkpx; .santa; .bizer; .gif; .auf; .USA; .xwx; .best; .heets; .qwex; .ETH; .air; .888; .amber; .frend; .KARLS; .aqva; .AYE; .korea; .plomb; .NWA; .com; .azero; .bk666; .stun; .ms13; .carcn; .btix; .gate; .love; .LDPR; .FREDD; .txt; .video; .wal; .MERS; .bat; qbix; .aa1; .qbtex; .yG; .drweb; .plut; .jack; .DDOS; .cry; .4k; .TOR13; .good; .qbx; beets; .zoh; .harma; .BSC; .kjh; .html; .HACK; .0day; .hccapx; .cap; .xxxx; .crash; .php; .dqb; .save; kick; .1BTC; .com2; .Acuf2; .nqix; .Q1G; .pdf; .cmd; MGS; .RSA; .ebola; .money; .VIVAL; .UTC; .CASH; .KRAB; .uta; .bot; .wiki; PBD; .one; .xda; .start; .asus; .VIRUS; .rsa; .kr; '.ninja; .nvram; .SySS; .kharma; .abc; .2048; ROGER; .bitx; .IMI; .asd; RIDIK; .Z9; .LIVE; .NEWS; wrar; 2NEW; .msh; .CU; .rajar; .blend; .WHY; .crown; .ncov; self; .PAY; .qbix; .PLEX; .YKUP; .8800; .rxx; .GTF; .Mark

=============

��, �� Crysis, �� :

1. �� , �� ;
2. �� ;
3. �� ;
4. �� RDP;
5. �� (�� 3389) �� RDP;
6. �� , ��
7. �� , ��
8. �� (�� ), �� VPN ��, �� IP (�� );
21.11.2019 05:56:53, santy.

�� Desktop.rar � ��

Tue, 08 Oct 2019 10:54:49 +0300

�� Desktop.rar � �� ��  � �� .
�� 6 �� . �� (��. ��).

�� .

�� ? �� , �� ?
�� http://forum.esetnod32.ru/forum9/topic2687/
�� -��?

��.

08.10.2019 10:54:49, �� .

����� esetnod32.ru [�����: ������������� ������ � ������ ������������]

������� �� ����� ����� PRO32

�����-������������ ���������� ����� � ������� � ��� ���������� (.kasper)

Lockbit v3 Black: *. 7nqxXHqux;

������������ m0r0kt34m@gmail.com

������������ Ouroboros/VoidCrypt. ����� � ����������� MRN

����������� � ����������� .BLACK

����� ����������� � ����������� .EXTEN; .CROW; .MEOW; .PUTIN; .KREMLIN; .RUSSIA; LOCK2023; RCHAT; RUBEN; CRUST; met@n; GAZPROM

����� ����������� � ����������� *.hydra

����� ����������� � ����������� .FISTING; .likeoldboobs; .Washedback; .Gachimuchi; .Horsefucker; .crxxx; .nigra; .x101

��� ������� ����� � ���� ����� ����� ���������� ��� �������� � ������������ �����������

���� ����������� � ����������� .ps1wek

����� ����������� � ����������� *.Loki; *.Blackbit

����� ����������� � ����������� .MUST; .GanP; .CLEAN; .c0v; .JRB; .dts; .TCYO; .6ix9; .RZA; .RME; .yUixN; .nomad; .MOON; .chld; .WOLF; .NaS; .lsas; .MS; .WORM; .NEEH; .Deeep; .DC; .Xqxqx; .C1024; .ver; .RED; .bmo; .MTX; .cip: .Bl; .kl

����� ����������� � ����������� .LIZARD; .DoNotWorry; .SUMMON

Clop: ���� - ������������, ����� ������� ��������-ransomware

����������� � ����������� .repter; .FONIX; .XINOF; .Eking; .RYK; .RYKCRYPT

����� ����������� � ����������� .aol; .14x; .hub; .yoAD; .NOV; .Avaad; .crypt; .22btc; .TomLe; .word; .con30; .text; .LOTUS; .wcg; .pauq; .four; .urs; .clman

����� ����������� � ����������� .chuk; .AHP; .lina; .TEREN; .cve; .WSHLP; .fresh; .FLYU; .gtsc; .dme; .Crypt; .259; .LCK; .kut; .SWP; .zimba; .help; .sss; .dex; .ZIN; .SUKA; .msf; .lock; .gac; .21btc; .mpr; .4help

����� ������� �� Ransomware ������ �������� ������� ����� Windows

����� ����������� � ����������� .Lazarus; Lazarus+; .Angus; .Skynet; .Kronos; .Void; .mifr; .onion; Spade; crypter; .RTX; .ADA; .gts; .help; .Iwan; .killer; .lama; .professor; .zxc; solo; .PAY; MrWhite; .rar; RYKCRYPT; .MRN

����� ����������� � ����������� !Ecryptedd

����� ����������� � ����������� .rhino

Cryakl/CryLock - ����� "�������� ����"

����� ����������� � ����������� .IPM; .ONION; .LX; .C-VIR; .2020; .MSPLT; .ccd; .DOT; .dec; .VWA; .love$; .TRAMP; .LOL; .0day0; .PHP; .NET; .R2D2; .lab; .BANG; .payB;

Crysis: �������� ���������� � ��� � ��� ��������

����� ����������� � Cryakl CS 1.*.*

����� Desktop.rar � �������