BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The new version of Medusa first deletes user files, and only then asks for a ransom

    A new version of the Medusa DDoS botnet based on the Mirai code has been spotted in the wild (ITW) with a ransomware module and a brute force tool.

    Medusa is a type of malware that has been advertised on dark web markets since 2015. In 2017, malware acquired the ability to carry out DDoS attacks.

    Cyble said the new variant of Medusa is based on the leaked Mirai botnet source code and inherits its Linux-targeting and DDoS attack capabilities.

    Moreover, Medusa is now advertised as MaaS (malware as a service) for DDoS attacks or mining through a special portal. The malware promises stability, support, client anonymity, an easy-to-use API, and flexible pricing depending on specific needs.

    Particularly interesting in the new version of Medusa is the ransomware feature, which can encrypt certain types of files of the customer's choice. The files are encrypted using 256-bit AES encryption and have the ".medusastealer" extension appended to their name.

    It's funny that the version of Medusa, which got tested by Cyble representatives, was "broken". Since after encrypting files on the device, the malware simply turned off for 24 hours, and then deleted all encrypted data.

    It wasn't until the files were deleted that a ransom notice appeared asking for a payment of 0.5 BTC ($11,400). However, there was nothing to "redeem" anymore. An unfortunate mistake significantly affected both the earnings of hackers and their reputation. The case is really out of the ordinary. One way or another, the current state of the code makes it clear that the software is still under development.

    Even though the new version of Medusa has a data exfiltration tool, the malware does not steal user files before encryption. Instead, it focuses on collecting basic system information that helps identify victims and evaluate their computer resources, which can later be used for mining or DDoS attacks.

    The new version of Medusa also has a built-in brute force hacking program. It bruteforces credentials for devices within the network, then looks for other devices with Telnet services on port 23 and attempts to connect to them using the obtained IP addresses and combination of credentials. If successful, Medusa infects the system with the main payload ("infection_medusa_stealer"), giving attackers free rein.

    Author DeepWeb
    The developers explained the reasons for the slow and unstable work of Tor
    Grouping Nodaria uses a new infostealer in attacks on state institutions of Ukraine

    Comments 0

    Add comment