Jasmin-Ransomware

HTTPS to api.ipify.org fails

Open josuesouza opened this issue 4 years ago • 3 comments

Hello,

I figured the encryptor stopped calling the handshake.php page that inserts the victim details in the database. After investigating, I noticed the TLS handshake between the encryptor and api.ipify.org was failing. Looks like the client is using TLS 1.0 and the site does not support it anymore.

I changed the code to use plain HTTP by calling http://api.ipify.org and it is working fine now.

josuesouza, Oct 29 '21 14:10

I had the same problem, thanks for the solution :=)

Did you manage to make the decrypter work?

snake9935, Nov 01 '21 14:11

Unfortunately not. I gave up after a while as I didn't need the decryption component for my use case (detecting ransomware behavior with threat hunting tools). I did try a few things but couldn't solve the issue. Probably would need someone with real skills in C#, which is not my case :)

josuesouza, Nov 01 '21 14:11

I also want to test my detection tools.

It's a pity not to go through with the test, I tried a lot of solutions but it still doesn't work :=)

I only know the Python language and PowerShell :=)

snake9935, Nov 01 '21 15:11
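
For the detection use case mentioned in the thread, an added example (not part of the issue or the project's code) that correlates the two requests described in the first post: a lookup of api.ipify.org followed by a request to a handshake.php page from the same host. The log format, client and server names, and the 60-second window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

IP_LOOKUP_HOST = "api.ipify.org"   # host named in the issue
CHECKIN_PAGE = "handshake.php"     # page named in the issue
WINDOW = timedelta(seconds=60)     # assumed correlation window

# Constructed proxy log lines (assumed format: time, client, method, URL).
# URL paths are only visible for plain HTTP or TLS-inspected traffic.
SAMPLE_LOG = """\
2021-10-29T14:10:01 ws-017 GET http://api.ipify.org/
2021-10-29T14:10:03 ws-017 POST http://c2.example.test/handshake.php
2021-10-29T14:12:40 ws-022 GET http://api.ipify.org/
2021-10-29T14:30:00 ws-022 POST http://intranet.example.test/handshake.php
2021-10-29T14:15:09 ws-031 POST http://portal.example.test/login.php
"""

def parse(line):
    """Split one log line into (time, client, host, path); None if malformed."""
    fields = line.split()
    if len(fields) != 4:
        return None
    ts, client, _method, url = fields
    parts = urlsplit(url)
    return datetime.fromisoformat(ts), client, parts.hostname or "", parts.path

def correlate(log_text, window=WINDOW):
    """Return (client, lookup_time, checkin_host) for each client that queries
    the IP-lookup service and then requests handshake.php within `window`."""
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    last_lookup, hits = {}, []
    for ts, client, host, path in events:
        if host == IP_LOOKUP_HOST:
            last_lookup[client] = ts          # remember most recent lookup
        elif path.lower().endswith("/" + CHECKIN_PAGE) and client in last_lookup:
            if ts - last_lookup[client] <= window:
                hits.append((client, last_lookup[client].isoformat(), host))
    return hits

if __name__ == "__main__":
    for client, when, host in correlate(SAMPLE_LOG):
        print(f"{client}: IP lookup at {when} followed by check-in to {host}")
```

An IP lookup on its own is common in legitimate software, which is why the rule only fires on the pairing; the window should be tuned against real traffic.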