Risen_Guide2.hta
<doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.25rem 0;width:90%;font-family:sans-serif}.logo{text-align:center}.logo>svg{fill:red;width:8rem;height:8rem}.first-title{border-radius:.25rem;font-size:1.875rem;line-height:2.25rem;text-align:center;text-transform:uppercase;margin:2rem 0}.first-title span{font-weight:700;color:#dc2626}.first-box{font-size:1.2rem;position:relative;padding:1.5rem;margin-top:1rem;border:4px dotted #ef4444;text-align:center}.first-box>p:first-child{position:absolute;left:1rem;top:-1.9rem;padding:.75rem;font-size:1.125rem;line-height:1.75rem;background-color:#000}.first-box span{color:#dc2626}.sec-title{position:absolute;top:-.25rem;left:50%;transform:translate(-50%,-50%);padding-left:1rem;padding-right:1rem;font-size:1.125rem;line-height:1.75rem;background-color:#000}.sec-box{width:100%;white-space:nowrap;height:350px;margin-top:2.5rem}.contactus,.attention{padding:10px;white-space:normal;height:100%;position:relative}.contactus{word-wrap:break-word;padding-top:20px;margin-right:20px;width:30%;float:left;font-size:17px;border:4px dotted #3b82f6;background-color:rgba(59,130,246,.1)}.attention{word-wrap:break-word;float:left;width:68.5%;font-size:22px;border:4px dotted #ef4444;background-color:rgba(239,68,68,.1)}.attention ul{word-wrap:break-word;width:100%;position:absolute;top:50%;transform:translateY(-50%);list-style-position:inside}@media only screen and (min-width:2000px){.logo>svg{width:10rem;height:10rem}.first-title{font-size:2.8rem}.first-box{font-size:2rem}.sec-box{height:500px}.attention 
ul li{font-size:30px;line-height:37px}.contactus{padding:30px;font-size:26px}.sec-title,.first-box>p:first-child{font-size:2rem}}@media only screen and (min-width:2900px){.logo>svg{width:14rem;height:14rem}.first-title{font-size:3.5rem}.first-box{font-size:2.9rem}.sec-box{height:700px}.attention ul li{font-size:42px;line-height:55px}.contactus{padding:35px;font-size:35px}}@media only screen and (max-width:1480px){.sec-box{white-space:normal;height:fit-content}.contactus,.attention{width:100%;display:block;float:none}.contactus{padding:2rem;font-size:1.2rem}.attention{margin-top:30px;font-size:1.2rem}.attention ul{position:static;transform:none;line-height:2}}</style></head><body><div class="logo"><svg width="502pt" height="465pt" version="1.0" viewBox="0 0 502 465" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 465) scale(.1 -.1)"><path d="m2085 4385c-5-2-37-11-70-21s-76-27-95-38c-46-27-142-105-155-125-5-9-23-31-39-48-35-39-56-79-56-105 0-19 45-68 63-68 4 0 27-9 49-20 23-11 45-20 49-20 5 0 28-13 52-30 25-16 48-30 52-30 27 0 224-188 306-292 31-39 110-200 134-273 51-152 49-89 55-1620 3-786 6-1430 8-1431 1-1 10-10 20-21 54-62 140-51 183 23 16 27 18 120 18 1413 1 847-3 1406-9 1440-5 31-14 88-20 126-13 78-48 190-83 262-76 157-227 362-315 427-26 19-60 48-76 65-17 17-35 31-41 31-7 0-20 9-30 20s-23 20-30 20-20 9-31 21c-18 20-18 21 1 32 42 24 160 49 205 43 103-14 163-50 289-173 47-47 97-90 111-98 22-11 146-20 235-16 64 2 65 65 2 108-18 12-94 83-171 158-76 74-142 135-146 135-5 0-15 6-22 13-26 25-89 56-154 77-50 15-92 20-173 19-58 0-110-2-116-4z"/><path d="m1245 3790c-188-31-359-127-500-282-78-84-142-222-177-378-6-27-13-361-16-822l-7-777-29-30c-15-16-41-35-56-41-37-15-50-48-50-130 0-57 4-74 20-90 23-23 29-23 90-7 91 25 153 64 190 120 83 125 83 115 78 987-3 804-5 784 63 914 37 72 107 166 123 166 7 0 23 12 37 26 31 34 189 109 257 123 105 22 217 12 302-26 195-87 315-218 371-403 19-63 21-1874 2-1911-7-13-24-55-38-94-14-38-34-79-44-90-55-63-63-104-30-159 21-36 77-76 
108-76 73 0 186 186 222 366 21 106 21 130 23 1014 1 1027 5 968-82 1150-40 83-145 225-176 239-5 2-26 19-46 37-21 19-43 34-49 34s-11 4-11 8c0 12-179 99-220 107-19 4-40 11-45 16-15 12-251 19-310 9z"/><path d="m3595 3790c-131-20-240-66-381-161-82-56-186-183-228-279-15-36-34-78-41-95-37-82-38-118-42-965-4-927 1-1072 42-1195 29-85 76-175 112-215 13-14 23-28 23-31 0-10 69-49 86-49 22 0 111 87 118 116 7 27-15 83-48 124-42 52-86 157-98 234-6 35-12 423-15 896-4 815-4 837 16 930 12 52 25 98 31 104 5 5 10 16 10 23 0 19 63 109 112 161 159 168 401 235 593 163 195-73 328-207 393-396 28-80 35-294 29-870-7-687-3-787 36-865 32-65 76-116 132-152 44-29 141-53 169-42 23 9 36 45 36 102 0 72-16 117-48 132-15 8-42 27-59 44l-33 30v750c0 774-2 821-41 946-18 54-88 191-122 235-44 58-150 165-163 165-6 0-19 9-29 20s-22 20-26 20-30 14-57 31c-52 32-182 76-267 89-60 10-172 10-240 0z"/><path d="m1253 3291c-23-9-53-26-68-39-14-12-29-22-33-22-24 0-97-105-112-160-9-34-15-740-10-1322 0-24 4-28 27-28 14 0 33 7 42 15s39 37 66 63c28 26 57 56 65 66 13 16 16 103 20 583l5 564 43 41c40 37 47 40 84 35 28-4 51-16 72-36l31-31 6-840h33c21 0 42 8 57 23 50 48 116 123 127 144 17 30 16 621 0 695-14 65-65 145-121 190-88 71-237 98-334 59z"/><path d="m3595 3287c-76-34-128-73-163-123-57-80-62-121-62-484v-325l36-40c66-76 149-155 161-155 7 0 15 10 18 23 4 12 7 203 8 422 2 383 3 401 22 427 28 39 79 61 118 53 44-10 85-51 94-94 4-20 7-272 7-561 1-504 2-527 21-565 11-22 32-46 48-53 15-7 27-20 27-28 0-7 7-14 15-14s15-7 15-15c0-19 56-48 80-40 13 4 19 18 22 49 1 23 1 328-2 677-5 686-3 651-58 721-34 43-106 108-120 108-4 0-27 9-50 20-58 28-169 27-237-3z"/></g></svg></div><div class="first-title"><p>All Your <span>Important Files</span> Have Been Encrypted</p></div><div class="first-box"><p>NOTE</p><p>We have also taken your critical documents and files from different parts<br>of your network, which we will <span>leak or sell</span> if there is no cooperation from your side.</p><p>Our operators have been <span>monitoring</span> your 
business for a while, when we say these documents are critical, we mean it.</p><p><span>We await</span> for your response before the deadline ends, After that<span> we will continue the process of leaking or selling your documents.</span></p><p>We assure you that this won't happen if you cooperate with us.</p></div><div class="sec-box"><div class="contactus"><div class="sec-title">CONTACT US</div><p>For more instructions, to save your files and your business, contact us by :<br></p><br><p>Email address :<br><b>Happycat@cyberfear.com</b></p><br><p>didn't get any response in 24 hours ? use : <br><b>bluecrap@my.com</b> </p><br><p>Leave subject as your machine id "<b>[snip]</b>"</p><br><p>If you didn't get any respond within 72 hours use our Tor blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.</p><a href="http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion" style="color:#00f">http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion</a></div><div class="attention"><div class="sec-title">ATTENTION</div><ul><li>Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable</li><li>Do not pay any amount of money before receiving decrypted test files</li><li>there might be many middle man services out there whom will contact us for your case and they will make a profit<br>     by adding a sort of money to the fixed price</li><li>any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss</li><li>there will be a deadline until your data get sold or leaked by our team,you better corporate with us<br>     before the following deadline otherwise we will proceed to sell or leak your data without any past warnings</li></ul></div></div></body></html>
| Type | IOC |
|---|---|
| email | Happycat@cyberfear.com |
| email | bluecrap@my.com |
| onion url | http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion |