mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
Fix Add FTCode Ransomware
parent
eee9beca0f
commit
81cef767aa
1 changed files with 13 additions and 0 deletions
|
@ -13557,6 +13557,19 @@
|
||||||
"uuid": "6cea5546-1e2c-333a-4faf-033d461360b5",
|
"uuid": "6cea5546-1e2c-333a-4faf-033d461360b5",
|
||||||
"value": "Desync"
|
"value": "Desync"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.",
|
||||||
|
"meta": {
|
||||||
|
"encryption": "ChaCha20 and RSA",
|
||||||
|
"refs": [
|
||||||
|
"https://malpedia.caad.fkie.fraunhofer.de/details/win.maze",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/",
|
||||||
|
"https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6",
|
||||||
|
"value": "Maze"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "A targeted email campaign has been spotted distributing the JasperLoader to victims. While the JasperLoader was originally used to then install Gootkit, Certego has observed it now being used to infect victims with a new ransomware dubbed FTCODE. Using an invoice-themed email appearing to target Italian users, the attackers attempt to convince users to allow macros in a Word document. The macro is used to run PowerShell to retrieve additional PowerShell code.",
|
"description": "A targeted email campaign has been spotted distributing the JasperLoader to victims. While the JasperLoader was originally used to then install Gootkit, Certego has observed it now being used to infect victims with a new ransomware dubbed FTCODE. Using an invoice-themed email appearing to target Italian users, the attackers attempt to convince users to allow macros in a Word document. The macro is used to run PowerShell to retrieve additional PowerShell code.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
|
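Review bot: The `uuid` on the added Maze object, `7cea8846-1f3d-331a-3ebf-055d452351b6`, appears to be hand-edited from the Desync entry's `6cea5546-1e2c-333a-4faf-033d461360b5` directly above it (same shape, a few digits changed) rather than generated. Its version and variant digits (`331a-3ebf`) do not match a random RFC 4122 v4 UUID, and values derived by editing a neighbour are easy to repeat in a later entry; since the cluster UUID is presumably what other galaxies and tagged events use to reference this entry, it should be unique and stable from the first commit. I would replace the line with a freshly generated value, `"uuid": "<new-uuid4-placeholder>"`, before anything references it. Separately, the commit title mentions FTCode while the 13 added lines are the Maze object, so the title would be clearer if it named Maze as well.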