Locky Ransomware - IOC - File Details


1) Ransomware Name - Locky

2) Encrypted Extensions -
.locky
.zepto
.odin
.shit
.thor
.aesir
.zzzzz
.osiris
.DIABLO6

3) Ransom Note File -
_Locky_recover_instructions.txt
_Locky_recover_instructions.bmp
_HELP_instructions.txt
_HELP_instructions.bmp
_HOWDO_text.html
_WHAT_is.html
_INSTRUCTION.html
DesktopOSIRIS.(bmp|htm)
OSIRIS-[0-9]{4}.htm

4) Encryption Algorithm - RSA-2048 and AES-128

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
xxxx://6dtxgqam4crv6rr6.tor2web.org/
xxxx://6dtxgqam4crv6rr6.onion.to/
xxxx://6dtxgqam4crv6rr6.onion.cab/
xxxx://6dtxgqam4crv6rr6.onion.link/
***6dtxgqam4crv6rr6.onion


8) File Details -
MD5 8d3576d281200a1e713dc70c2b639aaf
SHA1 00551fa40409d2b2c94ff17a0ab6a42f1828da54
SHA256 cbd9e9038bf5959e134ee55ebd6b8c802ee56c54d987a85441f33b361be3ace2
ssdeep 96:faz/a0gIigdGy9d5gUB1/ocZMftvZlwGAkyRjaoc0GwxYwF:faz/9gIiaGy9DgUB1/ocyfVfwGAZj9cc
The size of the file is 3.8 KB (3879 bytes)
File Type Text
Description ASCII text, with very long lines
