+plugin:ElasticSearchOpenPlugin -ip:"124.220.0.0/14" +events.leak.severity:"medium" +ip:"101.42.0.0/15" +l9fp:"831cb76b8e05df469496f6ab6f29170d4f9d11c34f9d11c34f9d11c34f9d11c3"
Indices: 2, document count: 3, size: 13.9 kB
Found index read-me with 1 documents (5.1 kB)
Found index .kibana with 2 documents (8.8 kB)
Ransom notes :
{"message": "Your DB has been back up. The only way of recovery is you must send 0.01 BTC to bc1qaua9cwrp0g2nqg2txn86e7k376v0xm4m0yfcfq. Once paid please email dar0kmdb@tutanota.com with code: `riDAZo` and we will recover your database. please read https://paste.sh/u6JYxXwk#PwdBc7jVzqo9-h12zU5hyPYP for more information"}
Analysis helper :
estk --url=http://101.43.73.182:9200 list
Found by ElasticSearchOpenPlugin