Add FTCode Ransomware

This commit is contained in:
rmkml 2019-11-22 21:16:40 +01:00
parent 90bc667988
commit eee9beca0f

View file

@ -13558,18 +13558,19 @@
"value": "Desync" "value": "Desync"
}, },
{ {
"description": "Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.", "description": "A targeted email campaign has been spotted distributing the JasperLoader to victims. While the JasperLoader was originally used to then install Gootkit, Certego has observed it now being used to infect victims with a new ransomware dubbed FTCODE. Using an invoice-themed email appearing to target Italian users, the attackers attempt to convince users to allow macros in a Word document. The macro is used to run PowerShell to retrieve additional PowerShell code.",
"meta": { "meta": {
"encryption": "ChaCha20 and RSA", "payment-method": "Bitcoin",
"price": "0.06",
"refs": [ "refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.maze", "https://www.certego.net/en/news/malware-tales-ftcode/",
"https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/", "https://exchange.xforce.ibmcloud.com/collection/FTCODE-Ransomware-45dacdc2d5cf30722ced20b9d37988c2",
"https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us" "https://malpedia.caad.fkie.fraunhofer.de/details/ps1.ftcode"
] ]
}, },
"uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6", "uuid": "7cea9946-1f4d-441a-4ebf-044d442454b6",
"value": "Maze" "value": "FTCode"
} }
], ],
"version": 72 "version": 73
} }