Mr Robot , - SET (Social Engineer Toolkit). , IP- 192.251.68.254, . , WHOIS NBC-UNIVERSAL. , .
http://i239.bxjyb2jvda.net/ «YOUR PERSONAL FILES ARE ENCRYPTED» . 24 javascript, , , base64.
PGRpdiBjbGFzcz0ib3ZlciI+PGRpdj4iSSBzaW5jZXJlbHkg
YmVsaWV2ZSB0aGF0IGJhbmtpbmcgZXN0YWJsaXNobWVudHM
gYXJlIG1vcmUgZGFuZ2Vyb3VzIHRoYW4gc3RhbmRpbmcgYXJta
WVzLCBhbmQgdGhhdCB0aGUgcHJpbmNpcGxlIG9mIHNwZW5k
aW5nIG1vbmV5IHRvIGJlIHBhaWQgYnkgcG9zdGVyaXR5LCB1bm
RlciB0aGUgbmFtZSBvZiBmdW5kaW5nLCBpcyBidXQgc3dpbmRs
aW5nIGZ1dHVyaXR5IG9uIGEgbGFyZ2Ugc2NhbGUuIjwvZGl2Pjx
kaXYgY2xhc3M9ImF1dGhvciI+LSBUaG9tYXMgSmVmZmVyc29u
PC9zcGFuPjwvZGl2PjwvZGl2Pg==
:
, , , , «», .
–
, SSL- - NBC-UNIVERSAL, , Mr Server., Subject Alternative Names.
DNS Name=www.racksure.com
DNS Name=racksure.com
DNS Name=*.serverfarm.evil-corp-usa.com
DNS Name=www.e-corp-usa.com
DNS Name=iammrrobot.com
DNS Name=www.conficturaindustries.com
DNS Name=www.iammrrobot.com
DNS Name=*.seeso.com
DNS Name=*.evil-corp-usa.com
DNS Name=e-corp-usa.com
DNS Name=*.bxjyb2jvda.net
DNS Name=whoismrrobot.com
DNS Name=seeso.com
DNS Name=fsoc.sh
DNS Name=www.fsoc.sh
DNS Name=conficturaindustries.com
DNS Name=whereismrrobot.com
DNS Name=www.whoismrrobot.com
DNS Name=www.whereismrrobot.com
DNS Name=evil-corp-usa.com
DNS Name=www.seeso.com
, bkuw300ps345672-cs30.serverfarm.evil-corp-usa.com SSH.
https://fsoc.sh:
, , .
, , . .
https://www.fsoc.sh/assets/main.js
addHandlers: function() {
var t = this;
this.$(".eye__form").on("submit", this.handleSubmit), this.textView.on("typingEnded", function() {
t.appendEye(), t.startCursor("MzkzMzUzNTM5NTMzMzk1Mzc5OTUzNzMzMzM1MzUzOTM1Mw==")
})
},
startCursor: function(t) {
var e = this;
e.$(".eye__cursor").css("opacity", 0).removeClass("typing"), setTimeout(function() {
e.handleBlinkTime(window.atob(t), 0)
}, 500)
},
handleBlinkTime: function(t, e) {
var n = 300,
r = t.charAt(e),
i = 0,
o = n;
switch (r) {
case "9":
i = 3 * n;
break;
case "3":
i = n;
break;
case "5":
o = 3 * n;
break;
case "7":
o = 7 * n
}
var u = this;
i && u.$(".eye__cursor").css("opacity", 1), setTimeout(function() {
u.$(".eye__cursor").css("opacity", 0), setTimeout(function() {
t.length > e + 1 ? u.handleBlinkTime(t, e + 1) : setTimeout(function() {
u.handleBlinkTime(t, 0)
}, 4e3)
}, o)
}, i)
,
t.startCursor("MzkzMzUzNTM5NTMzMzk1Mzc5OTUzNzMzMzM1MzUzOTM1Mw==")
, ASCII, 3933535395333953799537333353539353.
3 "."
5 " "
7 "/"
9 "-"
3933535395333953799537333353539353
.-…. .- ...- ./-- ./…. .-.. == LEAVE ME HERE
, . . Kali Linux, bashdoor (shellshock) /etc/passwd, CAN- candump, Bluetooth btscanner Kali Linux, bluesniff MiTM- Meterpreter.
— SET, ransomware, IRC, BitchX — .
: QR-, , : http://www.conficturaindustries.com.
, :
, Mr Robot .
Mr Robot : @KorAdana, @ryankaz42, @AndreOnCyber, @MOBLAgentP, @IntelTechniques, @marcwrogers.