A forum for reverse engineering, OS internals and malware analysis
ikolor wrote: malware-payload
Cryptowall 3.0 aka Crowti. Posts moved.
https://www.virustotal.com/en/file/92a5 ... 439754881/
The Cyber Threat Alliance (CTA) is a group of leading cybersecurity solution providers who have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them. Together, members of the CTA conducted joint research into the CryptoWall version 3 threat, which impacted hundreds of thousands of victims, and resulted in over $325 million in damages worldwide.
http://cyberthreatalliance.org/cryptowall-report.pdf (PDF)
peters wrote: That's TeslaCrypt
Thank you again and we hope you share our view that your contribution helped to provide
has zip attached with javascript inside.
downloads http://1caclean.com/wp-includes/theme-compat/691.exe?1
SHA: e6a3740228180ceb5f2d6ea58c6a46c03af44e37f5f8b0a4ba6bcf635811a849