Kriptovor (Russian Ransomware and Infostealer)

Forum for completed malware requests.
Fedor22
Posts: 27
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Kriptovor (Russian Ransomware and Infostealer)

Post by Fedor22 » Sun Jan 21, 2018 2:45 pm

Encrypts data using AES encryption, and then requires emailing the extortionists to find out the cost of the decryptor. Data is encrypted on all local and connected network drives. After encryption, shadow copies of files are deleted. Initially, Kriptovor was a password stealer, but it later received additional extortion functionality. Distributed through email attachments, which can be called something like "Резюме на вакантную должность", which translates to "Resume for the vacant post". The addresses of the senders are constantly changing. The previously collected list includes:
MD5 hashes of the Word documents, infostealers, RAR archives and ransomware are here (plus more information about this): https://www.fireeye.com/blog/threat-res ... ptovo.html

Xylitol
Global Moderator
Posts: 1665
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Kriptovor (Russian Ransomware and Infostealer)

Post by Xylitol » Mon Jan 22, 2018 8:51 am

In attachment.

Antelox
Posts: 204
Joined: Sun Mar 21, 2010 10:38 pm

Re: Kriptovor (Russian Ransomware and Infostealer)

Post by Antelox » Mon Jan 22, 2018 9:07 am

Some more:

https://anonfile.com/BcYc0cd3b5/samples.zip (too big to upload here as attachment)

BR,

Antelox
