A newly identified exploit kit is targeting vulnerable versions of Adobe's Flash Player, Malwarebytes security researchers say. Dubbed “Lord,” the exploit kit (EK) was initially identified by Virus Bulletin‘s Adrian Luca. The toolkit emerged as part of a malvertising chain via the PopCash ad network. The EK uses a compromised website to redirect unsuspecting victims to its landing pag...
2016-09-26 00:40:25.886473 IP 192.168.1.18.51426 > 18.104.22.168.80: Flags [P.], seq 1:512, ack 1, win 16475, length 511: HTTP: GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
E..’.R@………..~….P..W..2.VP.@[….GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; rv:11.0) like Gecko
2016-09-26 00:40:26.295112 IP 22.214.171.124.80 > 192.168.1.18.51426: Flags [.], ack 512, win 237, length 0
2016-09-26 00:40:27.640845 IP 126.96.36.199.80 > 192.168.1.18.51426: Flags [.], seq 1:1319, ack 512, win 237, length 1318: HTTP: HTTP/1.1 200 OK
E..N..@.:…..~……P…2.V..Y.P…….HTTP/1.1 200 OK
Date: Mon, 26 Sep 2016 00:40:57 GMT
2016-09-26 00:40:31.356592 IP 188.8.131.52.443 > 192.168.1.18.51428: Flags [.], seq 9:1327, ack 19, win 257, length 1318
[yJ………’ejB…aP…….NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server
What do I do ?
So , there are two ways you can choose: wait for a _miracle_ and get _your_ PRICE DOUBLED! Or start obtaining *BITCOIN NOW! , and restore _YOUR_ _DATA_ easy way
If You have really valuable _DATA_, you better _NOT_ _WASTE_ _YOUR_ _TIME_, because there is _NO_ other way to get your files, except make a _PAYMENT_
Your personal ID: 2312323345345IDB23423423423445634dfg34ID
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 – http://ccjlwb22w6c22p2k.onion.to
2 – http://ccjlwb22w6c22p2k.onion.city
If for some reasons the addresses are not availablweropie
2016-09-26 00:40:31.356709 IP 184.108.40.206.443 > 192.168.1.18.51428: Flags [P.], seq 1327:1668, ack 19, win 257, length 341
E..}X.@.z.;.[yJ………’eoh…aP…_5.., follow these steps:
1 – Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 – Video instruction: https://www.youtube.com/watch?v=NQrUZdsw2hA
3 – After a successful installation, run the browser
4 – Type in the address bar: http://ccjlwb22w6c22p2k.onion
5 – Follow the instructions on the site