Blevene Blevene

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Blevene
                / keybase.md
            
            
              Created
              October 7, 2014 00:39
            
          
    Keybase proof

I hereby claim:

I am blevene on github.
I am blevene (https://keybase.io/blevene) on keybase.
I have a public key whose fingerprint is 2046 672C F8CC E352 CDD9  2A5A AC7E
6308 7228 C78D

To claim this, I am signing this object:

  
## EyePyramidSamples
5847072fd4db9e83d02d8b40a1d67850
f41be516fa8da87a269845c9ea688749
b39a673a5d2ceaa1fb5571769097ca77
9d3ce3246975ae6d545ee9e8ba12d164
ed46b42aa7460b2ab2a70f472b4a287b
c547a30fa39f22e2093b51ed254bb1c2
05b8edc9ee53407a595a6d62c8b9f0fd
3c30f0114c600510fdb2573cc48d5c06
12f3635ab1de63fbcb5e1c492424c605
6b97b80896ef64039018c7184b2308c3

## Google Docs Worm Callbacks
googledocs.docscloud.download
googledocs.docscloud.info
googledocs.docscloud.win
googledocs.g-cloud.pro
googledocs.g-cloud.win
googledocs.g-docs.pro
googledocs.g-docs.win
googledocs.gdocs.download
googledocs.gdocs.pro
googledocs.gdocs.win

## Jaff Hashes
3ec65af6980912c524f39056cbe59ee36f8dbe3388b8dee6d8b96c26b0d93ac4
b8995f41b658fef5254430865dd8b1e4bafeacf1ccb25a039afc6e8c28f21875
84b866419987e0b25a12d860858f847541ad501b2aa3bb0aa5c6bbeefe76fee8
91d7433fc106172b8de564dbacd8489806a652223d5b93ea51593027e13ef087
a53901d231325c016ea584cb4e0f1076801de695690138a57500312573fbbc44
59f30cc60faefacd60327e0562a6fd885d6d7f343658ea7843e56cf8725b8443
5c6922ae1df26173400440b4d73a52adc3bccdb37c4a855bc8013d5882bdc7fa
9e57c1b4e2c29ac381c5a02d2800beb7c31a111025252a4848695c31c0ef15b6
a4fd6245425fa23983153cda2d6b05b131c72843a26dcf66aca7fefb603675bc
42198c66ce639bc5b796cf3edc247dacae42099f5c2cfee55c401888bf378c81

## WCry UK + ES
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

## gist:6aff12fb83c0ad481246f1a68943f9bb
HKLM\SYSTEM\ControlSet001\services\Jklmno\Description , Value:Jklmnopq Stuvwxyab Defghij Lmnopqrs Uvw

## Petya aka NotPetya aka Fuckya
64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

## UnknownLoader
41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a
6f681a0f9405d128c143e7ebb3feb5856daddcecf7f7470ac61e6c597f564173
c0991e1099bb260b71bf5398a98527a99f07154c9701a649b7ba1c66785bd3df
6294e0dacade2097d7f9455c966db65d2c5306bf705e11f176826dec5a1a1644
aa8216a859d49acdfdef302eed42b178d94ee03a88a1453d85061bd1d13763aa
e176c5e755146f40a4dbb01e4c7ebf0d0c8464b364198e682b646f19dc49d836
d2b1423746fe69febe62d89cca5b59c900189eaca2016b5b62d440762c8518ad
381754c11d86714845582a9197e324d9144dc471c428ecf8e1f78e392bd9f675
504ba1abbcb196f67c2bb6bc1b0942f38199cf43ab573f702c2ca44081cec6fa
6f9ad8ffea96e22659d457f8154a80d6db8c7b3bc414b8215c120ddffa21f43a

## LinkNet IOCs
C2:
hxxp://4itiotvaski.ucoz.net/rat/core/users.info
hxxp://goglik.usite.pro/rat/core/users.info
hxxp://goglik.usite.pro/users/6_User/command.info
hxxp://ezzev3l.ucoz.net/rat/core/users.info
hxxp://ftprat.ucoz.com/rat/core/users.info
hxxp://site2017.usite.pro/rat/core/users.info
hxxp://decrypt1337.ucoz.net/rat/core/users.info
hxxp://linknet12.ucoz.net/rat/core/users.info
hxxp://zalmanxxx.usite.pro/rat/core/users.info

## Filenames
Informationen #  558760280928.doc
Informationen #  8104038723.doc
Invoice #38608290.doc
Invoice #639002322639.doc
Rechnung #  3310283.doc
Rechnung #  640507209.doc
Rechnung #  72120749699.doc
Rechnung #  953444866.doc
Rechnungs-Details #  4168802.doc
Rechnungs-Details #  54430860.doc
	5847072fd4db9e83d02d8b40a1d67850
	f41be516fa8da87a269845c9ea688749
	b39a673a5d2ceaa1fb5571769097ca77
	9d3ce3246975ae6d545ee9e8ba12d164
	ed46b42aa7460b2ab2a70f472b4a287b
	c547a30fa39f22e2093b51ed254bb1c2
	05b8edc9ee53407a595a6d62c8b9f0fd
	3c30f0114c600510fdb2573cc48d5c06
	12f3635ab1de63fbcb5e1c492424c605
	6b97b80896ef64039018c7184b2308c3
	googledocs.docscloud.download
	googledocs.docscloud.info
	googledocs.docscloud.win
	googledocs.g-cloud.pro
	googledocs.g-cloud.win
	googledocs.g-docs.pro
	googledocs.g-docs.win
	googledocs.gdocs.download
	googledocs.gdocs.pro
	googledocs.gdocs.win
	3ec65af6980912c524f39056cbe59ee36f8dbe3388b8dee6d8b96c26b0d93ac4
	b8995f41b658fef5254430865dd8b1e4bafeacf1ccb25a039afc6e8c28f21875
	84b866419987e0b25a12d860858f847541ad501b2aa3bb0aa5c6bbeefe76fee8
	91d7433fc106172b8de564dbacd8489806a652223d5b93ea51593027e13ef087
	a53901d231325c016ea584cb4e0f1076801de695690138a57500312573fbbc44
	59f30cc60faefacd60327e0562a6fd885d6d7f343658ea7843e56cf8725b8443
	5c6922ae1df26173400440b4d73a52adc3bccdb37c4a855bc8013d5882bdc7fa
	9e57c1b4e2c29ac381c5a02d2800beb7c31a111025252a4848695c31c0ef15b6
	a4fd6245425fa23983153cda2d6b05b131c72843a26dcf66aca7fefb603675bc
	42198c66ce639bc5b796cf3edc247dacae42099f5c2cfee55c401888bf378c81
	4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
	24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
	b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
	64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1
	027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
	41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a
	6f681a0f9405d128c143e7ebb3feb5856daddcecf7f7470ac61e6c597f564173
	c0991e1099bb260b71bf5398a98527a99f07154c9701a649b7ba1c66785bd3df
	6294e0dacade2097d7f9455c966db65d2c5306bf705e11f176826dec5a1a1644
	aa8216a859d49acdfdef302eed42b178d94ee03a88a1453d85061bd1d13763aa
	e176c5e755146f40a4dbb01e4c7ebf0d0c8464b364198e682b646f19dc49d836
	d2b1423746fe69febe62d89cca5b59c900189eaca2016b5b62d440762c8518ad
	381754c11d86714845582a9197e324d9144dc471c428ecf8e1f78e392bd9f675
	504ba1abbcb196f67c2bb6bc1b0942f38199cf43ab573f702c2ca44081cec6fa
	6f9ad8ffea96e22659d457f8154a80d6db8c7b3bc414b8215c120ddffa21f43a
	C2:
	hxxp://4itiotvaski.ucoz.net/rat/core/users.info
	hxxp://goglik.usite.pro/rat/core/users.info
	hxxp://goglik.usite.pro/users/6_User/command.info
	hxxp://ezzev3l.ucoz.net/rat/core/users.info
	hxxp://ftprat.ucoz.com/rat/core/users.info
	hxxp://site2017.usite.pro/rat/core/users.info
	hxxp://decrypt1337.ucoz.net/rat/core/users.info
	hxxp://linknet12.ucoz.net/rat/core/users.info
	hxxp://zalmanxxx.usite.pro/rat/core/users.info
	Informationen # 558760280928.doc
	Informationen # 8104038723.doc
	Invoice #38608290.doc
	Invoice #639002322639.doc
	Rechnung # 3310283.doc
	Rechnung # 640507209.doc
	Rechnung # 72120749699.doc
	Rechnung # 953444866.doc
	Rechnungs-Details # 4168802.doc
	Rechnungs-Details # 54430860.doc