TT Malware Log

A personal log of investigation, research and reference material on malware, cyber attacks and analysis techniques

The Week in Ransomware - January 27th 2023 - 'We hacked the hackers'

【News】

◆The Week in Ransomware - January 27th 2023 - 'We hacked the hackers' (BleepingComputer, 2023/01/27 19:08)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-27th-2023-we-hacked-the-hackers/


【Details】

■Monday, January 23, 2023

◆New Dharma ransomware variants (PCrisk(Twitter), 2023/01/23)

Ransomware: Nlb (Dharma/CrySis)
Extension: .nlb
Ransomnote: FILES ENCRYPTED.txt / Info.hta
Sha256: 4c21b335baf9907cfaec588f25354b804b3d59f3882d923fbaf0d929b933ef49
https://www.virustotal.com/gui/file/4c21b335baf9907cfaec588f25354b804b3d59f3882d923fbaf0d929b933ef49/detection

https://twitter.com/pcrisk/status/1617396568893816834

◆New Stop ransomware variant (PCrisk(Twitter), 2023/01/23)

Ransomware: Stop/Djvu (v0636)
Extension: .mztu
Ransomnote: _readme.txt
Sha256: 56b1b7b168c8903258910eca42bac063fb8bb00405d629caa14ba10cdc211d86
https://www.virustotal.com/gui/file/56b1b7b168c8903258910eca42bac063fb8bb00405d629caa14ba10cdc211d86/detection

https://twitter.com/pcrisk/status/1617424787911106560

◆New VoidCrypt ransomware variant (PCrisk(Twitter), 2023/01/23)

Ransomware: MrWhite (VoidCrypt)
Extension: .MrWhite
Ransomnote: Dectryption-guide.txt
Sha256: 83cf3a2ccadf0c6d2fb61d3735ccf941c1661e7f3d1e38580ad6bf4a036db951
https://www.virustotal.com/gui/file/83cf3a2ccadf0c6d2fb61d3735ccf941c1661e7f3d1e38580ad6bf4a036db951/detection

https://twitter.com/pcrisk/status/1617508010267492355


■Tuesday, January 24, 2023

◆Ransomware access brokers use Google ads to breach your network (BleepingComputer, 2023/01/24 18:07)
[Ransomware access brokers use Google ads to break into your network]
https://malware-log.hatenablog.com/entry/2023/01/24/000000_6

◆Vice Society Ransomware Group Targets Manufacturing Companies (Trendmicro, 2023/01/24)
[Vice Society ransomware group targets manufacturing companies]

Ransomware: Vice Society

https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html
https://malware-log.hatenablog.com/entry/2023/01/24/000000_7

◆New MedusaLocker ransomware variant (PCrisk(Twitter), 2023/01/24)

Ransomware: MedusaLocker
Extension: .filesencrypted
Ransomnote: how_to_back_files.html
Sha256: 89ef8f862ff39fae66ec113c2cab99bfbec737bd4c9613c87b80cf95401adb60
https://www.virustotal.com/gui/file/89ef8f862ff39fae66ec113c2cab99bfbec737bd4c9613c87b80cf95401adb60/detection

https://twitter.com/pcrisk/status/1617819709721935873


■Thursday, January 26, 2023

◆Hive ransomware disrupted after FBI hacks gang's systems (BleepingComputer, 2023/01/26 10:14)
[Hive ransomware shut down after the FBI hacked the gang's systems]

Ransomware: Hive

https://www.bleepingcomputer.com/news/security/hive-ransomware-disrupted-after-fbi-hacks-gangs-systems/
https://malware-log.hatenablog.com/entry/2023/01/26/000000_3

◆New Mimic ransomware abuses ‘Everything’ Windows search tool (BleepingComputer, 2023/01/26 16:22)
[New Mimic ransomware abuses the Windows search tool "Everything"]

Ransomware: Mimic

https://www.bleepingcomputer.com/news/security/new-mimic-ransomware-abuses-everything-windows-search-tool/
https://malware-log.hatenablog.com/entry/2023/01/26/000000_4

◆US offers $10M bounty for Hive ransomware links to foreign governments (BleepingComputer, 2023/01/26 15:41)
[US offers a $10 million bounty for links between Hive ransomware and foreign governments]

Ransomware: Hive

https://www.bleepingcomputer.com/news/security/us-offers-10m-bounty-for-hive-ransomware-links-to-foreign-governments/
https://malware-log.hatenablog.com/entry/2023/01/26/000000_5

◆New Phobos ransomware variant (PCrisk(Twitter), 2023/01/26)

Ransomware: Unknown (Phobos)
Extension: .unknown
Ransomnote: info.txt / info.hta
Sha256: 7d9c97a133997396b0625a5d2b762fb8b333f5152d4dd893c7a463cc41372ab5
https://www.virustotal.com/gui/file/7d9c97a133997396b0625a5d2b762fb8b333f5152d4dd893c7a463cc41372ab5/detection

https://twitter.com/pcrisk/status/1618579172347252740


■Friday, January 27, 2023

◆New SickFile ransomware (PCrisk(Twitter), 2023/01/27)

Ransomware: SickFile
Extension: .bitenc
Ransomnote: how_to_back_files.html
Sha256: 1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539
https://www.virustotal.com/gui/file/1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539/detection

https://twitter.com/pcrisk/status/1618872441752932353

◆New Mallox ransomware variant (PCrisk(Twitter), 2023/01/27)

Ransomware: Bitenc (Mallox)
Extension: .bitenc
Ransomnote: FILE RECOVERY.txt
Sha256: a340ef5adb00a2bf1a0735600491ca98ac8045b57db892dedc27575a53b25056
https://www.virustotal.com/gui/file/a340ef5adb00a2bf1a0735600491ca98ac8045b57db892dedc27575a53b25056/detection

https://twitter.com/pcrisk/status/1618862041686761474

【Related roundup articles】

Overall roundups
 ◆Documents and reports (roundup)

◆The Week in Ransomware (roundup)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023