Ransom Notes:

<html>
    <style type="text/css">

      body {
      background-color: #f5f5f5;
      }

h1, h3{
  text-align:  center;
  text-transform: uppercase;
  font-weight: normal;
}


/*---*/
.tabs1{
    display: block;
    margin: auto;
}
.tabs1 .head{
    text-align: center;
    float: top;
    padding: 0px;
    text-transform: uppercase;
    font-weight: normal;
    display: block;
    background: #81bef7;
    color: #DF0101;
    font-size: 30px;
}

.tabs1 .identi {
    font-size: 10px;
    text-align:  center;
    float: top;
    padding: 15px;
    display: block;
    background: #81bef7;
    color: #DFDFDF;
    word-break: break-all;
}


.tabs .content {
  background: #f5f5f5;
  /*text-align: center;*/
  color: #000000;
  padding: 25px 15px;
  font-size: 15px;
  font-weight: 400;
  line-height: 20px; }
 .tabs .content a {
    color: #df0130;
    font-size: 23px;
    font-style: italic;
    text-decoration: none;
    line-height: 35px; }


.tabs .content .text{
padding: 25px;
line-height: 1.2;
}


    </style>


  <body>
    <div class="tabs1">
     <div class="head" ><b>Your personal ID:</b></div>
      <div class="identi">
      <span style="width:1000px; color: #ffffff; font-size: 10px;">[snip]</span> <br>
<!-- !!! dont changing this !!! -->
      </div>
    </div>
  <!-- -->
    <div class="tabs">
<!--tab-->  
    <div class="tab">
        <div id="tab-content1" class="content">
         
          <div class="text">
          <!--text data -->

          <b>Hello dear management, [snip]</b><br>

          <b>All your important files have been encrypted!</b><br><br>
  <hr>
             Your files are safe! Only modified. (RSA+AES)<br><br>

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br>
WILL PERMANENTLY CORRUPT IT.<br>
DO NOT MODIFY ENCRYPTED FILES.<br>
DO NOT RENAME ENCRYPTED FILES.<br><br>

No software available on internet can help you. We are the only ones able to<br>
solve your problem.<br><br>

From your file storage, we have downloaded a large amount of confidential data of your company and personal data.<br>
<b>Data leakage</b> will entail great reputational risks for you, we would not like that.<br>
<b><i>In case you do not contact us</i></b>, we will initiate an auction for the sale of <b>personal and confidential data.</b><br><br>
After the auction is over, we will place the data in public access on <b>our blog.</b><br>
<i>The link is left at the bottom of the note.</i><br><br>
 This server will be immediately destroyed after your payment.<br>
If you decide to not pay, we will release your data to public or re-seller.<br>
So you can expect your data to be publicly available in the near future..<br><br>


We only seek money and our goal is not to damage your reputation or prevent<br>
your business from running.<br><br>

You will can send us 2-3 non-important files and we will decrypt it for free<br>
to prove we are able to give your files back.<br><br>
          <!--text data -->
          <hr>
          <b>Contact us for price and get decryption software.</b><br><br>

                       
          <hr>
          <b>email:</b><br>
          <a href="wehavesolution@onionmail.org">wehavesolution@onionmail.org</a> <br>
          <a href="solution247days@outlook.com">solution247days@outlook.com</a> <br>
          
          <p>* To contact us, create a new free email account on the site:  <a href="https://protonmail.com">protonmail.com <br>

<b>
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br>

<p>* Tor-chat to always be in touch:  <a href<a href<b>
http://xfycpauc22t5jsmfjcaz2oydrrrfy75zuk6chr32664bsscq4fgyaaqd.onion
           </div>
        </div>
    </div>
 <!--tab-->  
 <b>
 
  </b><br><br> </b><br>
            
          <!--text data -->
          </div> 
        </div>
<!--tab--> 
    </div>
    
  </div>
  
  </body>
</html>

Indicators of Compromise

| Type | IOC |
|------|-----|
| email | wehavesolution@onionmail.org |
| email | solution247days@outlook.com |
| onion url | http://xfycpauc22t5jsmfjcaz2oydrrrfy75zuk6chr32664bsscq4fgyaaqd.onion |