mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
commit
1b82d441b3
1 changed files with 15 additions and 0 deletions
|
@ -8534,6 +8534,21 @@
|
||||||
"https://twitter.com/struppigel/status/900238572409823232"
|
"https://twitter.com/struppigel/status/900238572409823232"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "SynAck",
|
||||||
|
"description": "The ransomware does not use a customized desktop wallpaper to signal its presence, and the only way to discover that SynAck has infected your PC is by the ransom notes dropped on the user's desktop, named in the format: RESTORE_INFO-[id].txt. For example: RESTORE_INFO-4ABFA0EF.txt\n In addition, SynAck also appends its own extension at the end of all files it encrypted. This file extensions format is ten random alpha characters for each file. For example: test.jpg.XbMiJQiuoh. Experts believe the group behind SynAck uses RDP brute-force attacks to access remote computers and manually download and install the ransomware.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Syn Ack"
|
||||||
|
],
|
||||||
|
"ransomnotes": [
|
||||||
|
"RESTORE_INFO-[id].txt"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": "Various",
|
"source": "Various",
|
||||||
|
|
Loading…
Reference in a new issue