2013-10-15 - Evolution
Urausy is going Regional in United States
As long as there are people paying... I guess we'll have news to write about ransomware.
Today I came across a new design for Urausy in the United States... I was wondering what made it new.
See:
Urausy - Piece of Design US-NC - 2013-10 for Victims from North Carolina 2013-10-15
From country-specific designs, Urausy is now moving down to the state level.
One more:
Urausy - US-HI - 2013-10-15 Hawaii
Urausy US-Region Failover 2013-10-15 (was previous global US design)
Many states in one picture:
State-targeted Urausy for US in one image (too small? Full size here: http://i.minus.com/iK8bXuvUSnOkY.png (8Mb))
Infra:
I can see 120 IPs that can serve interchangeably as Kore Exploit Kit or as Urausy C&C (there are obviously more: in the same ranges but not activated, and in other ranges unknown to me).
By the way, off-topic: here is a German design which is new to me (but it has been a long time since I last checked):
New (to me) variant for Urausy DE 2013-10
Files: Here (Owncloud via goo.gl). All the designs I was able to gather:
Arizona, California, Georgia, Hawaii, Illinois, Indiana, Maryland, Nevada, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Texas, Utah, Washington
Read More:
The missing link - Some lights on "Urausy" affiliate - 2013-05-29 <-- if you want to know more about what is behind it.
Urausy Ransomware - July 2013 Design Refresh - "Summer 2013 Collection" 2013-07-28
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes! - 2013-07-24 - Jaromir Horejsi - Avast
Urausy Ransomware - Arab world targeted 2013-04-06