CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

科技 07-23

更多全球網路安全資訊盡在E安全官網www.easyaq.com

E安全7月22日訊 CryptoMix勒索軟體正以「迅雷不及掩耳之勢」發布新變種，這不禁讓人想到Locky開發人員散布Locky的方式。

美國時間7月19日，ID-Ransomware的邁克吉萊斯皮和Malwarebytes惡意軟體研究人員馬塞洛里韋羅發現兩個CryptoMix勒索軟體新變種。這兩個變種將NOOB或ZAYKA擴展名添加到加密文件，但提供相同的聯繫郵箱：admin@zayka.pro供受害者諮詢了解付款說明。

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

NOOB和ZAYKA勒索軟體變種有哪些變化？

除了勒索信內容和捆綁的公共加密密鑰之外，NOOB和ZAYKA變種沒有太大變化。這兩個變種使用的勒索信是一個TXT文檔_HELP_INSTRUCTION.TXT。這封勒索信提供聯繫郵箱拱admin@zayka.pro供受害者了解付款說明。

付款說明不同

使用zayka.pro電子郵箱的第一個變種是NOOB, 並附有十分簡短的勒索信。

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

而釋放ZAYKA變種顯示的勒索信內容更長。

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

另外，加密文件的擴展名也不同。值得注意的是，NOOB變種添加NOOB擴展名，而ZAYKA則添加ZAYKA擴展名, 加密文件夾示例如下：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

這兩個變種最主要的不同之處在於，他們使用不同的公共RSA加密密鑰加密AES密鑰（用來加密受害者文件）。

IOCs 攻擊指示器（IOC）

文件哈希：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

與NOOB和ZAYKA Cryptomix變種相關的文件名：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

NOOB勒索信文本：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

ZAYKA勒索信文本：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

與NOOB和ZAYKA勒索軟體相關的電子郵件：

CryptoMix勒索軟體變種ZAYKA和NOOB接踵來襲

捆綁的NOOB公共RSA-1024密鑰

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTp02+iahQUVQQSGTYcAgUdyn8 R6D3+q/M1GwA4c6ePwXlsEJC8UC4hDE4otjs4Vae0MauQrvkYo2rnilCpiqsv0Oo

OjDgOHhHI1vUILpWjAVRu61DORWqdvQEH3x9GfGRIulKwhVdzll5sGS9pyGWAAGq XvJ8T/ods5V+M3nFvQIDAQAB

-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2Zs4/PG+bhEhduEnmB/zS4Ps7

bD0EDn6q2tgpIwu7WF4NhDwnCQYeX9uweOs+x3pPKIHgZj7KtyOdwjJEMYt4yago

kMnp24CM413CbGz28tsSLifJpcDq7NdFlItv1foqE3EhxK4RnnsKRnlNnZOmJobj BXWAK7kI6PMjAsycjQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdcVWIUztGfqsyayX8MJ+MilwA OCMmaedwUkhcrOaZbEr/kjFAS/51dhxfUmoO2M6N51D1+Tlx1hFP0Bbea41ory14 /jXmBP/ARTPejT9wmAcdFSYL5RKqn21imymnSfllV7lLSS7fwzIhUibz/c13pk1w UFQpsQKlAmge6nPWMQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoXHPF5pGepB37MwkGshTi4N+q

KaRbRAk6b6tDUxHK8AWyNDJTFKLygvaNTxjAcpY467SDTXQq6EyvaCh2juaSzCLH

qxcwIVRMH4mtBI8RKx5bycWssbuZD6XwQpcS7WABqE8+BuYDmALgeh1W0UVBQge5 Alv8dKw5oY2B84RApQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfshy8WocDLQBfn36LclXu7obD

X5hCJFAKntVU3Siyy6XKnumyu/qsiwekxG0QkDrEuWZWGk+/w5qVf+bw1wXbKnBr

h2FiYqtXgN8pX7h6vDhYNWd80RKg0fxA7sRYoB7HCtel99BCcGOKvWbsr9hcFq3j EPtf81OdtqlTI6x6uwIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3ncKb3ppnuXs7NtizXtdHcKcj sfSIhS3E23j5Z4pxYfj3c3ipP8/gxu93/9b6qSQnQ87NRACf8NBbpr1XYR1kGkNK cRk+u1QsKsVyYP8QoMtnCPbxaIAxZ9qc2o8eFPt44IbOFNo4TS682ZnrgvCIl/D+ taf9I8jbrBTSbfxQ3wIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNdG6Kp5B6EHKVsENf2QudkLfe

TMzETNDGBk5cvGpj3On70vZGODVj/WfRe2iHyVE0ykT/iXXtb/C5gw3FePCSGVja

5S3qH9xh6Ncw5sFrsdgBbm7qPYSbRmux2VTjHlLE44ckkTTCSiTUL3KX/08cU04V hb/JtNwKF5bg3ycuhQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqqapIMkQJgyt8mfVLZRPIEU20

V8c3+JbWNCdtDrIucv5nsKxJ/hCCDCau8gVjNN5jWtLltoQ0NvwR94HZaUkXAjGq Iy+vvpc66SBLin8pJ/DzLtA3ouQBrYU2/9C75DrKGuCedEoAzoFkCjz/AokqjTkz xSIkf+5//Rpoj22lHwIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHZ0EKaGTzyOxqaX2ePqAs46RU

HhLRsApVWfO0z3BADXv4cv2iGjSXRZE1g7dU/KNEVZrjuBRaHksWpXKIwI6v7vSJ

ZcxsaNRZNS+RTwJbu5VNc5uHBc5YPa7sdqocVrt3b6eXXPbn5gZcQY3L18TTd+S3 DljCC6h8BC80BJI6OQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkrR8CoTgor4sIybnVarCSWzMN

RIoH51qIgCWDx49UQYXXqCn7I4T2XL7iOD5Fb/LO8LLS/BC7xNETIBGwUsOLMUXq

0LT3wlASZX4l491JPAAzlGfspmWqOnxwFZh4e2kqbix9uTGRw7oC0v7n6pACJSLW ybODvrXAfJlITYUYIQIDAQAB

-----END PUBLIC KEY-----

捆綁的ZAYKA公共RSA-1024密鑰

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCADIK8Hi/vs+urnYqWyH+fkMt6

lCsS1uf4wokMgfnbNxe+rKsmM8KuRTkIics/BuGHUlK0RZ6DKJds8ud4aaUvNWIe

21h8WGAk+mEkkP9b5jf6Y0emzJywOkoLeBKQtDnf+mfMVHXVx5cMxsPaEhaDY6uQ qwS4M2uDeFW0FEbeQwIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCADHfhTuIXFzdXH6FOVTIm8M6c m55aqg/XRY8m+/9Gmm+066fiKk5B2ruU4bwaVYfhUJ0HeFQMgEfzc9q3J5RS46Fh

xSD9Vl6WtG9pqKjS6KbwQSTYvLneD/1MGSHG76CJB9HjYTwlt/+KlmMvRmdWwnk3 S0chI6LgTpZW8zbhNwIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN9UP0aonvf8xxNeUR7jFaC00R

MORdX/aSiBQoSiXhywFIpOVxTMrusxpIXdji3HrLxM4hzzcCLRD2H5xmOYiXSiVT

PUGIeAR6Ap9KWt9UHO30cqEWBMHuk9uGQBYudHg6m/5dj5MemNZXARIpiSpNRcIh TcBzL5k/t/pbp45g3wIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi/BG2i3T/uTm+bwghqK/bImxI

3nd5UGnrnUF4C9LPbBOhpcvM7iyV2uTTLVP83uRlAytvfG/8rBe1H0tPetqsh3LF

KNLu9rHTuyFhochOSIJBF56lJbyfiL4OI3sH5+EInIlNzrtxb0+h09XMVeFF4CJj RKn+o+wW1bZMqeWanQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjA9QZB4jB9teNg31FCDHsPFzE

iR5zwqfSJ/3uprDBZ7iZKZ6QKJHpSJe9K+u2Sra46UCKOJSaFfOuAzlMAkc1lcE9

SNgSgkbiz76QdFEDvskoo94Or20HEYzdDv2wkmAVfOQg3/0nmhKNN+Gw/jDhHZfN vzu4DJeXxuIc4oIE2QIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4pakX7ojUj37cJNhboRYdHuE5

RzgqquEo0pQpzwG8vxFnBjLEJDoP20y2QAMZEEJo0DyXw2GbcZN5xMhKMRbCjYNE

hRoSTuYcTkAY2AbDbqR4sbgNdTlGi8zqxHLXTurpPtIGVEn5JlBFj4Zcv2fkxsAF /l9Z0JwnhPMQe9gQlwIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAc1+v2v3F2PPGdZvK7GOmm154

woeRPbR1OipklqWiT5SMLrS9mwFVxpbXABQMlvxVKdQHThBramUNCUpMPxGYIig6

IoyRhmIpbNDBOi2yArQEO7jDcBezzCfCIHQYXxttfv75VJmKEkbnd3oAPzwcFX6H pNlqkrJG2H0K92UfNQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqTZE2h1KVWGT+159fLmHyZt0R

99hclyZBLDenccqJ9q1jN1WPfXxCUOHwOsYGLgigA6MimPQFTOJhe7rt4h2SdLQe avIrtSzoa/YeT+NuVjCvljq8GllNGLRc/n6uSqFrpdUfXQ9BZwxS3ftq0nqboImx KAupahWdPNwFZf49QQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+HhrJXhEHmxQtq0nCBIPEpQo

Ic5S0X9rFcIWd/K3x3VHXoP1pZzkq5/r2LB1oikwCF6TcJuitq7l8WHd4qQzOFlH

maxrLhB9iCvHJvnQYoBJVSzQfnCT32ICxcz6rTACIZMt4H90gIp2EhH2WT1R84qW MMqnW2cy7R18BE+7zQIDAQAB

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVSgsXhsD+ctN0pJdoAIEeopUW

CUIyV2LBdWOQp9G3sXeEvDmug53xWOlR0RFwS365IMxbpljhyquGmPwm53XelJ2n

5w7BPCVwgPbtdtyzE6LoR1MY2zg6vATpyecATb00gWyL1K4zoQi+zNwOifhG0wv8 e5SICAfU+Jjuwa61zQIDAQAB

-----END PUBLIC KEY-----

E安全推薦文章

官網：www.easyaq.com

2017年7月

喜歡這篇文章嗎？立刻分享出去讓更多人知道吧！