CradleCore Ransomware as source code

By -

CradleCore Ransomware as source code


According to the experts at Forcepoint, the author is offering the malware in many Tor-based crime forums as source code allowing crooks to request a customized version of the code.
The CradleCore ransomware is offered by the author as a C++ source code along with the necessary PHP web server scripts and a payment panel, the malware goes for 0.35 Bitcoin (around $400) but the price is negotiable.



“Typically, ransomware is monetized by developers using the RaaS business model. If that doesn’t work, only then the will the developers consider selling the source code.” reads the analysis published by Forcepoint.
CradleCore is offered as a C++ source code with PHP server scripts and a payment panel. It started to be sold on a few Tor-based sites over two weeks ago for a negotiable price starting at 0.35 BTC (approximately 428 USD)”
According to the experts, this model of sale will lead to the development of new variants derived from CradleCore.
The ransomware is offered with a relatively complete feature set, it uses Blowfish for file encryption and allows offline encryption too.
The malicious code implements an anti-sandbox mechanism and communicates to command and control server via a Tor2Web gateway.
Once infected a system, the CradleCore ransomware encrypts files and to drops a ransom note on the system. When the malware encrypts the files it appends the .cradle extension to them.
CradleCore Ransomware
Experts from Forcepoint that analyzed the readme file, believe that the author of the malware is a developer without a significant experience in malware coding.
The researchers discovered more about the author by conducting further analysis on the advertisement site for CradleCore ransomware.
“While the advertisement site for CradleCore is hosted on the dark web, the site’s Apache server status page appears to be accessible to the public. The logs appeared to show that the Apache server hosting the Onion site has a second Virtual Host (VHost) hosting a clearnet website. VHosts, to those unfamiliar, allow multiple websites to be hosted on a single machine and IP address:” reads the analysis.
“The Linode-assigned IP address hosting the clearnet site appears to be exclusive-use. Essentially, this could mean either that the server is compromised and is abused to host the CradleCore website or that the clearnetwebsite and CradleCore belong to the same owner.
Digging around the contents of that clearnet website led us to the website owner’s personal site who appears to be working as a freelance software developer. From the information available on his personal website we managed to find his Twitter and LinkedIn account where it is indicated that he is a C++ programmer.”
Of course, this means that the owner of the clearnet site that is used to sell the ransomware is linked to a freelance C++ developer, but there is no proof that he is also the coder.
Concluding Forcepoint researchers believe the ransomware may be the first project of a novice malware develop

Source:eHackNews - The Hacking News

Comments

Post a Comment

Popular posts from this blog

Advanced Google Dorking Commands

By -
Image
By  Aditya010 Introduction: Google hacking, also known as Google Dorking, is a computer hacking technique that uses Google Search and other  Google  applications to find security holes in the configuration and computer code that websites use. Google Dorking involves using advanced operators in the Google  search engine  to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable  Web applications . As you progress in your use of Google Dorks, here are some advanced commands to test out:  site:static.ow.ly/docs/ intext:@gmail.com | Password filetype:sql intext:wp_users phpmyadmin intext:”Dumping data for table `orders`” “Index of /wp-content/uploads/backupbuddy_backups” zip Zixmail inurl:/s/login? inurl:/remote/login/ intext:”please login”|intext:”FortiToken clock drift detected” inurl:/WebInterface/login.html inurl:dynamic.php?page=mailbox inurl:/sap/bc/webdynpro/sap/ | “sap-system-log
Read more

How much money can I make from AdSense with 1000 visitors per day ?

By -
Image
How much money can I make from AdSense with 1000 visitors per day ? Thanks for the a2a.   This is one of the most frequently asked AdSense questions and also one of the hardest to give a valuable answer to, as there are a lot of variables in play.   Average earnings per 1,000  ad impressions  are said to be around $1 across the whole of the global network, but that isn’t very indicative of real results for most. The short version of the answer is that, if you want to find out what AdSense could earn on your website you need to run AdSense. You also need to be prepared to put some work in to optimise it and achieve your earnings potential. For the long answer read on.  I’ll walk through the variables, starting on the assumption that a site is hitting that $1 average:   If you earned $1 impression CPM, what would 1,000 visitors a day earn you? If you know the CPM then the remaining variables are: Ads per page : The average number of ad units displayed per page impression Page
Read more

Oneal Ron Morris : Fake Hospital

By -
Image
Fake doc gets prison for deadly butt injections A woman dubbed the  “Toxic Tush” doctor  will spend a decade behind bars for using Super Glue and Fix-a-Flat tire sealant to enlarge women’s behinds and causing one patient to die. Oneal Ron Morris, 36, who is transgender, was sentenced to 10 years Monday in Florida’s Broward County court after pleading guilty to manslaughter and injecting several women with the toxic mixture,  according to CBS Miami . Shatarka Nuby, 31, died after receiving as many as 10 injections from Morris between 2007 and 2010. She paid Morris as much as $2,000 for the deadly procedures,  the Sun-Sentinel reported . “There’s no closure. Putting [Morris] in jail won’t bring her back,” said Nuby’s aunt Juanita in court. Morris, who is not a licensed doctor, combined silicone, mineral oil, Fix-a-Flat tire sealant, cement and Super Glue to give women shapelier backsides. She previously served a year in prison on related charges. Several of her pat
Read more