Cybercriminals are making money with cryptolocker and ransomware malware, and for that reason we are seeing new types of cryptolockers and ransomware pop up on the web.
The guys at malware-traffic-analysis.net have analysed a HydraCrypt ransomware sample, and they have made some cool findings.
The IOCs shared by malware-traffic-analysis:
- 188.8.131.52 port 80 – www.harbourfrontcentre.com – Compromised website
- 184.108.40.206 port 80 – vyetbr.tk – EITest gate
- 220.127.116.11 port 80 – qywr2kr.spyscj.site – Angler EK
- 18.104.22.168 port 80 – drivers-softprotect.eu – HydraCrypt callback traffic
The HydraCrypt ransomware is a “new” variant among the ransomware families; it also contains Marvel's “Hydra” logo. For more information about the HydraCrypt ransomware, I strongly suggest you take a look at the malware-traffic-analysis article.
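
The four indicators above describe a chain (compromised site, EITest gate, Angler EK, HydraCrypt callback), so a proxy log can be triaged by how far along that chain each client got. The following is an added example, not code from this post or from malware-traffic-analysis; the log layout, client addresses and sample lines are constructed assumptions, and the indicators are copied as listed above.

```python
import re
from collections import defaultdict

# Indicators exactly as listed in the post: (IP, hostname, stage in the chain).
IOCS = [
    ("188.8.131.52", "www.harbourfrontcentre.com", "compromised website"),
    ("184.108.40.206", "vyetbr.tk", "EITest gate"),
    ("220.127.116.11", "qywr2kr.spyscj.site", "Angler EK"),
    ("18.104.22.168", "drivers-softprotect.eu", "HydraCrypt callback"),
]
STAGE_ORDER = [stage for _, _, stage in IOCS]

# Assumed proxy log layout (constructed): time client dest_ip host method path
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")
# Constructed sample lines; clients, timestamps and paths are made up.
SAMPLE_LOG = """\
T+00:01 10.0.0.15 188.8.131.52 www.harbourfrontcentre.com GET /
T+00:02 10.0.0.15 184.108.40.206 vyetbr.tk GET /x
T+00:03 10.0.0.15 220.127.116.11 qywr2kr.spyscj.site GET /y
T+00:09 10.0.0.15 18.104.22.168 drivers-softprotect.eu POST /z
T+00:11 10.0.0.22 192.0.2.9 WWW.HarbourfrontCentre.com:80 GET /
T+00:12 10.0.0.30 192.0.2.7 example.org GET /
T+00:13 10.0.0.40 220.127.116.11 220.127.116.11 GET /y
this line is malformed and must be skipped
"""

def match_stage(dest_ip, host):
    """Return the chain stage for a request, matching on IP or hostname."""
    host = host.lower().split(":")[0].rstrip(".")
    for ip, name, stage in IOCS:
        if dest_ip == ip or host == name:
            return stage
    return None

def triage(log_text):
    """Map each client to the chain stages it reached, in chain order."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        stage = match_stage(m.group(3), m.group(4)) if m else None
        if stage:
            seen[m.group(2)].add(stage)
    return {c: [s for s in STAGE_ORDER if s in st] for c, st in seen.items()}

def priority(stages):
    """Callback traffic outranks exploit-kit contact, which outranks a visit."""
    if "HydraCrypt callback" in stages:
        return "callback observed"
    return "exploit kit reached" if "Angler EK" in stages else "redirect chain only"
```

Calling `triage(SAMPLE_LOG)` and passing each client's stage list to `priority` gives a response order: clients with callback traffic first, then those that reached the exploit kit.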