November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-1255 – Microsoft Defender Denial of Service Vulnerability
September 24, 2019Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019Rewterz Threat Advisory – CVE-2019-1255 – Microsoft Defender Denial of Service Vulnerability
September 24, 2019Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure
September 24, 2019
Severity
Medium
Analysis Summary
A new variant of QNAPCrypt Ransomware targeting Linux-based file storage systems (NAS servers) is found. FullofDeep, a Russian cybercrime group operating from the Union State and the Ukraine appears to be operating this ransomware. The new variant utilizes geo-location information in order to determine whether or not the malware will operate. The algorithm the attackers chose to encrypt the filesystem with is AES CFB. The attackers demand to be contacted via a protonmail email account. Below is the ransomnote associated with it.
Impact
Files Encryption
Indicators of Compromise
Email Address
fullofdeep[@]protonmail[.]com
Malware Hash (MD5/SHA1/SH256)
- 50470f94e7d65b50bf00d7416a9634d9e4141c5109a78f5769e4204906ab5f0b
- 8dd59345cc034317630b2ac2ee19b362
Remediation
- Block the threat indicators at respective controls.
- Do not download email attachments coming from untrusted sources.
- Always scan files before executing.