%2Bplugin%3AHiSiliconDVR %2Bcountry%3A%22Vietnam%22 %2Basn%3A%2218403%22 +country:"Japan" +events.leak.severity:"high" -ip:"52.192.0.0/13"
Found 2 files trough .DS_Store spidering:
/_backup
/wpcms
Found by DotDsStoreOpenPlugin
Found open SMB shares with Guest login
ADMIN$
C$
E$
IPC$
LANDISK
SampoERP
Users
wwwroot
YAccBackup$
Found by SmbPlugin
Found HiSiliconDVR firmware:
Hardware: General NBD7904T-PL-XPOE
Vulnerable to multiple issues : LFI, possibly RCE
Found by HiSiliconDVR
Indices: 2, document count: 2, size: 9.5 kB
Found index .kibana with 1 documents (5.2 kB)
Found index read-me with 1 documents (4.3 kB)
Ransom notes :
{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `h7pEfd` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
Analysis helper :
estk --url=http://153.246.0.43:9210 list
Found by ElasticSearchOpenPlugin
Found 45 files trough .DS_Store spidering:
/668
/668.psd
/668.zip
/bqwbzvvg.html
/css
/css/mdjzltvo.css
/css/qeggehib.css
/feqeyiqd.html
/img
/i...
Found by DotDsStoreOpenPlugin
Indices: 12, document count: 3, size: 25.4 kB
Found index msdwikimsd with 1 documents (8.6 kB)
Found index msswikimss with 0 documents (208 B)
Fo...
Ransom notes :
{"text":"Your DB has been back up. The only way of recovery is you must send 0.0057 BTC to 127ZBzXyLJFc7ShMmzkYFDhSiXXSnR8Jfr. Once paid please email databaserestore32@onionmail.org with code: `omoRmq` and we will recover your database. please read https://cutmyurl.com/3caF8EkT for more information"}
Analysis helper :
estk --url=http://133.186.146.116:9200 list
Found by ElasticSearchOpenPlugin
Found 124 files trough .DS_Store spidering:
/.vscode
/104.単一エコーの入射方向が単語了解度に及ぼす影響.pdf
/110.Parametric HRTF再考 -N1・N2・P1+P2による上方音像制御精度の改善-.pdf
/1...
Found by DotDsStoreOpenPlugin
Found open SMB shares with Guest login
ADMIN$
C$
D$
I$
IPC$
Users
共有
Found by SmbPlugin
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
fetch = +refs/heads/*:refs/remotes...
Found by GitConfigHttpPlugin
Found open SMB shares with Guest login
ADMIN$
C$
IPC$
Users
Found by SmbPlugin
Collections: 7, document count: 7, size: 2.5 kB
HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Content-Length: 85
It looks like ...
Analysis helper :
echo 'show dbs' | mongo --host 133.186.159.66 --port 27017
Found by MongoOpenPlugin
Indices: 2, document count: 2, size: 12.3 kB
Found index .kibana_1 with 1 documents (7.4 kB)
Found index read-me with 1 documents (4.9 kB)
Ransom notes :
{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `Y8N85w` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
Analysis helper :
estk --url=http://35.187.204.105:9200 list
Found by ElasticSearchOpenPlugin
Found open SMB shares with Guest login
IPC$
scan
Found by SmbPlugin
[core]
repositoryformatversion = 0
fileMode = false
bare = false
logallrefupdates = true
[remote "origin"]
#url = https://sereyk@bitbucket.o...
Found by GitConfigHttpPlugin
Found 74 files trough .DS_Store spidering:
/.well-known
/moodle
/moodle/.github
/moodle/.grunt
/moodle/.grunt/jsdoc
/moodle/.grunt/tasks
/moodle...
Found by DotDsStoreOpenPlugin
Found HiSiliconDVR firmware:
Hardware: General AHB7008T-MHV2
Vulnerable to multiple issues : LFI, possibly RCE
Found by HiSiliconDVR
Found 68 files trough .DS_Store spidering:
/bg.jpg
/bootstrap
/favicon.ico
/from_ito_server
/from_ito_server/ajaxchat
/from_ito_server/hako_php
...
Found by DotDsStoreOpenPlugin
Found HiSiliconDVR firmware:
Hardware: General AHB7004T-MHV2
Vulnerable to multiple issues : LFI, possibly RCE
Found by HiSiliconDVR
Found open SMB shares with Guest login
IPC$
Found by SmbPlugin
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = ssh://item.mapple@gmail.com@...
Found by GitConfigHttpPlugin