CryptoMix Ransomware Variants ZAYKA and NOOB Arrive in Quick Succession
More global cybersecurity news at the E安全 website: www.easyaq.com
E安全, July 22: CryptoMix ransomware is putting out new variants at lightning speed, which is reminiscent of the way Locky's developers distribute Locky.
On July 19 (US time), Michael Gillespie of ID-Ransomware and Malwarebytes malware researcher Marcelo Rivero discovered two new CryptoMix ransomware variants. The two variants append the NOOB or ZAYKA extension to encrypted files, but both give the same contact address, admin@zayka.pro, for victims to ask for payment instructions.
What has changed in the NOOB and ZAYKA variants?
Apart from the ransom note text and the bundled public encryption keys, the NOOB and ZAYKA variants have changed little. Both use a TXT ransom note named _HELP_INSTRUCTION.TXT, which gives the contact address admin@zayka.pro for victims to obtain payment instructions.
Different payment instructions
The first variant to use a zayka.pro address was NOOB, which ships with a very brief ransom note.
The ransom note shown by the ZAYKA variant is longer.
The extensions added to encrypted files also differ: NOOB appends the NOOB extension, while ZAYKA appends the ZAYKA extension. An example of an encrypted folder is shown below:
The main difference between the two variants is that each uses a different public RSA key to encrypt the AES key that in turn encrypts the victim's files.
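As an added, defender-side example that is not part of the original article: a Python triage script that walks a directory tree and reports which of the two variants is present, using only the indicators named above (the appended NOOB/ZAYKA extension, the _HELP_INSTRUCTION.TXT note and the admin@zayka.pro address). The sample tree it builds is constructed for the demonstration; the script only identifies the variant and cannot recover files, since the AES key is wrapped with the attacker's RSA public key.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the article: the extension each variant appends, the shared
# ransom-note file name and the contact address given in the note.
VARIANT_EXTENSIONS = {".NOOB": "NOOB", ".ZAYKA": "ZAYKA"}
RANSOM_NOTE_NAME = "_HELP_INSTRUCTION.TXT"
CONTACT_EMAIL = "admin@zayka.pro"


def triage_directory(root):
    """Walk root and summarise NOOB/ZAYKA indicators: the variant inferred from
    the dominant appended extension, per-extension counts, number of ransom
    notes, and whether a note names the contact address. Files are only read."""
    summary = {"variant": None, "extensions": {}, "notes": 0,
               "contact_email_seen": False}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.upper() == RANSOM_NOTE_NAME:
                summary["notes"] += 1
                try:
                    text = Path(dirpath, name).read_text(errors="replace")
                except OSError:
                    continue  # unreadable note is counted but not parsed
                if CONTACT_EMAIL in text.lower():
                    summary["contact_email_seen"] = True
                continue
            ext = os.path.splitext(name)[1].upper()
            if ext in VARIANT_EXTENSIONS:
                summary["extensions"][ext] = summary["extensions"].get(ext, 0) + 1
    if summary["extensions"]:
        dominant = max(summary["extensions"], key=summary["extensions"].get)
        summary["variant"] = VARIANT_EXTENSIONS[dominant]
    return summary


def demo():
    """Constructed sample tree (not real malware output) exercising the triage."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        for stem in ("report", "photo1", "budget"):  # renamed as ZAYKA does
            Path(docs, stem + ".ZAYKA").write_bytes(b"\x00" * 16)
        Path(docs, "readme.txt").write_text("untouched file")
        Path(docs, RANSOM_NOTE_NAME).write_text(
            "Your files are encrypted. Contact admin@zayka.pro for payment instructions.")
        return triage_directory(tmp)
```

Running `demo()` on the constructed tree reports the ZAYKA variant with three encrypted files and one note naming the contact address; on a real system, point `triage_directory` at the affected volume.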
Indicators of Compromise (IOCs)
File hashes:
File names associated with the NOOB and ZAYKA CryptoMix variants:
NOOB ransom note text:
ZAYKA ransom note text:
Email addresses associated with the NOOB and ZAYKA ransomware:
Bundled NOOB public RSA-1024 keys:
Bundled ZAYKA public RSA-1024 keys:
July 2017