
Miguel Santareno

OSINT Dojo - OSINT challenge week 01/31/2021 - Ransomware

Sep 20, 2021

The challenge is the following:

Methodology:

I used Shodan with the following dork: windows server 2008 R2 standard "bad news" and ended up with two results.

Compare the two results against the OSINT Dojo picture: the picture doesn't contain the EN Windows button, so the matching result is the screenshot without the EN button.

After that, do an exact-match search on Google for the text of the picture, "Dear Owner. Bad news: your server was hacked. For more information and recommendations, write to our experts by e-mail. When you start Windows, Windows Defender works to help protect your PC by scanning for malicious or unwanted software.", and look at the results.

From the Google results we can see the name of the ransomware.

If we open the second website, we have the name of the ransomware and also the extensions.

Answers:

What IP is currently displaying the attached message?

136.243.152.235

Which Ransomware is responsible for the attached message?

SOREBRECT Ransomware

What file extension does this strain of Ransomware utilize?

.pr0tect

Quote of the day: Try Harder!