
CryptoMix Ransomware Variants ZAYKA and NOOB Arrive in Quick Succession

E安全 (E Security), July 22: CryptoMix ransomware is pushing out new variants at lightning speed, in a way that inevitably recalls how Locky's developers distribute Locky.

On July 19 (US time), Michael Gillespie of ID-Ransomware and Malwarebytes malware researcher Marcelo Rivero discovered two new CryptoMix ransomware variants. The two variants append the NOOB or ZAYKA extension to encrypted files, but both provide the same contact email, admin@zayka.pro, for victims to obtain payment instructions.


What has changed in the NOOB and ZAYKA variants?

Apart from the content of the ransom note and the bundled public encryption keys, the NOOB and ZAYKA variants have not changed much. Both use a ransom note in the form of a TXT file named _HELP_INSTRUCTION.TXT. The note gives the contact email admin@zayka.pro for victims to obtain payment instructions.

The payment instructions differ

The first variant to use a zayka.pro email address was NOOB, which comes with a very short ransom note.

[Screenshot of the NOOB ransom note in the original article]

The ransom note displayed by the ZAYKA variant, by contrast, is longer.

[Screenshot of the ZAYKA ransom note in the original article]

The extension added to encrypted files also differs: the NOOB variant appends the NOOB extension, while ZAYKA appends the ZAYKA extension. A folder of encrypted files looks like this:

[Screenshot of a folder of encrypted files in the original article]


The most significant difference between the two variants is that each uses a different set of public RSA keys to encrypt the AES key that is used to encrypt the victim's files.

Indicators of Compromise (IOCs)

File hashes:

[Listed in an image in the original article]

File names associated with the NOOB and ZAYKA CryptoMix variants:

[Listed in an image in the original article]

NOOB ransom note text:

[Shown in an image in the original article]

ZAYKA ransom note text:

[Shown in an image in the original article]

Email addresses associated with the NOOB and ZAYKA ransomware:

[Listed in an image in the original article]

Bundled NOOB public RSA-1024 keys

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTp02+iahQUVQQSGTYcAgUdyn8
R6D3+q/M1GwA4c6ePwXlsEJC8UC4hDE4otjs4Vae0MauQrvkYo2rnilCpiqsv0Oo
OjDgOHhHI1vUILpWjAVRu61DORWqdvQEH3x9GfGRIulKwhVdzll5sGS9pyGWAAGq
XvJ8T/ods5V+M3nFvQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2Zs4/PG+bhEhduEnmB/zS4Ps7
bD0EDn6q2tgpIwu7WF4NhDwnCQYeX9uweOs+x3pPKIHgZj7KtyOdwjJEMYt4yago
kMnp24CM413CbGz28tsSLifJpcDq7NdFlItv1foqE3EhxK4RnnsKRnlNnZOmJobj
BXWAK7kI6PMjAsycjQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdcVWIUztGfqsyayX8MJ+MilwA
OCMmaedwUkhcrOaZbEr/kjFAS/51dhxfUmoO2M6N51D1+Tlx1hFP0Bbea41ory14
/jXmBP/ARTPejT9wmAcdFSYL5RKqn21imymnSfllV7lLSS7fwzIhUibz/c13pk1w
UFQpsQKlAmge6nPWMQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoXHPF5pGepB37MwkGshTi4N+q
KaRbRAk6b6tDUxHK8AWyNDJTFKLygvaNTxjAcpY467SDTXQq6EyvaCh2juaSzCLH
qxcwIVRMH4mtBI8RKx5bycWssbuZD6XwQpcS7WABqE8+BuYDmALgeh1W0UVBQge5
Alv8dKw5oY2B84RApQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfshy8WocDLQBfn36LclXu7obD
X5hCJFAKntVU3Siyy6XKnumyu/qsiwekxG0QkDrEuWZWGk+/w5qVf+bw1wXbKnBr
h2FiYqtXgN8pX7h6vDhYNWd80RKg0fxA7sRYoB7HCtel99BCcGOKvWbsr9hcFq3j
EPtf81OdtqlTI6x6uwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3ncKb3ppnuXs7NtizXtdHcKcj
sfSIhS3E23j5Z4pxYfj3c3ipP8/gxu93/9b6qSQnQ87NRACf8NBbpr1XYR1kGkNK
cRk+u1QsKsVyYP8QoMtnCPbxaIAxZ9qc2o8eFPt44IbOFNo4TS682ZnrgvCIl/D+
taf9I8jbrBTSbfxQ3wIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNdG6Kp5B6EHKVsENf2QudkLfe
TMzETNDGBk5cvGpj3On70vZGODVj/WfRe2iHyVE0ykT/iXXtb/C5gw3FePCSGVja
5S3qH9xh6Ncw5sFrsdgBbm7qPYSbRmux2VTjHlLE44ckkTTCSiTUL3KX/08cU04V
hb/JtNwKF5bg3ycuhQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqqapIMkQJgyt8mfVLZRPIEU20
V8c3+JbWNCdtDrIucv5nsKxJ/hCCDCau8gVjNN5jWtLltoQ0NvwR94HZaUkXAjGq
Iy+vvpc66SBLin8pJ/DzLtA3ouQBrYU2/9C75DrKGuCedEoAzoFkCjz/AokqjTkz
xSIkf+5//Rpoj22lHwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHZ0EKaGTzyOxqaX2ePqAs46RU
HhLRsApVWfO0z3BADXv4cv2iGjSXRZE1g7dU/KNEVZrjuBRaHksWpXKIwI6v7vSJ
ZcxsaNRZNS+RTwJbu5VNc5uHBc5YPa7sdqocVrt3b6eXXPbn5gZcQY3L18TTd+S3
DljCC6h8BC80BJI6OQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkrR8CoTgor4sIybnVarCSWzMN
RIoH51qIgCWDx49UQYXXqCn7I4T2XL7iOD5Fb/LO8LLS/BC7xNETIBGwUsOLMUXq
0LT3wlASZX4l491JPAAzlGfspmWqOnxwFZh4e2kqbix9uTGRw7oC0v7n6pACJSLW
ybODvrXAfJlITYUYIQIDAQAB
-----END PUBLIC KEY-----

Bundled ZAYKA public RSA-1024 keys

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCADIK8Hi/vs+urnYqWyH+fkMt6
lCsS1uf4wokMgfnbNxe+rKsmM8KuRTkIics/BuGHUlK0RZ6DKJds8ud4aaUvNWIe
21h8WGAk+mEkkP9b5jf6Y0emzJywOkoLeBKQtDnf+mfMVHXVx5cMxsPaEhaDY6uQ
qwS4M2uDeFW0FEbeQwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCADHfhTuIXFzdXH6FOVTIm8M6c
m55aqg/XRY8m+/9Gmm+066fiKk5B2ruU4bwaVYfhUJ0HeFQMgEfzc9q3J5RS46Fh
xSD9Vl6WtG9pqKjS6KbwQSTYvLneD/1MGSHG76CJB9HjYTwlt/+KlmMvRmdWwnk3
S0chI6LgTpZW8zbhNwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN9UP0aonvf8xxNeUR7jFaC00R
MORdX/aSiBQoSiXhywFIpOVxTMrusxpIXdji3HrLxM4hzzcCLRD2H5xmOYiXSiVT
PUGIeAR6Ap9KWt9UHO30cqEWBMHuk9uGQBYudHg6m/5dj5MemNZXARIpiSpNRcIh
TcBzL5k/t/pbp45g3wIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi/BG2i3T/uTm+bwghqK/bImxI
3nd5UGnrnUF4C9LPbBOhpcvM7iyV2uTTLVP83uRlAytvfG/8rBe1H0tPetqsh3LF
KNLu9rHTuyFhochOSIJBF56lJbyfiL4OI3sH5+EInIlNzrtxb0+h09XMVeFF4CJj
RKn+o+wW1bZMqeWanQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjA9QZB4jB9teNg31FCDHsPFzE
iR5zwqfSJ/3uprDBZ7iZKZ6QKJHpSJe9K+u2Sra46UCKOJSaFfOuAzlMAkc1lcE9
SNgSgkbiz76QdFEDvskoo94Or20HEYzdDv2wkmAVfOQg3/0nmhKNN+Gw/jDhHZfN
vzu4DJeXxuIc4oIE2QIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4pakX7ojUj37cJNhboRYdHuE5
RzgqquEo0pQpzwG8vxFnBjLEJDoP20y2QAMZEEJo0DyXw2GbcZN5xMhKMRbCjYNE
hRoSTuYcTkAY2AbDbqR4sbgNdTlGi8zqxHLXTurpPtIGVEn5JlBFj4Zcv2fkxsAF
/l9Z0JwnhPMQe9gQlwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAc1+v2v3F2PPGdZvK7GOmm154
woeRPbR1OipklqWiT5SMLrS9mwFVxpbXABQMlvxVKdQHThBramUNCUpMPxGYIig6
IoyRhmIpbNDBOi2yArQEO7jDcBezzCfCIHQYXxttfv75VJmKEkbnd3oAPzwcFX6H
pNlqkrJG2H0K92UfNQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqTZE2h1KVWGT+159fLmHyZt0R
99hclyZBLDenccqJ9q1jN1WPfXxCUOHwOsYGLgigA6MimPQFTOJhe7rt4h2SdLQe
avIrtSzoa/YeT+NuVjCvljq8GllNGLRc/n6uSqFrpdUfXQ9BZwxS3ftq0nqboImx
KAupahWdPNwFZf49QQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA+HhrJXhEHmxQtq0nCBIPEpQo
Ic5S0X9rFcIWd/K3x3VHXoP1pZzkq5/r2LB1oikwCF6TcJuitq7l8WHd4qQzOFlH
maxrLhB9iCvHJvnQYoBJVSzQfnCT32ICxcz6rTACIZMt4H90gIp2EhH2WT1R84qW
MMqnW2cy7R18BE+7zQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVSgsXhsD+ctN0pJdoAIEeopUW
CUIyV2LBdWOQp9G3sXeEvDmug53xWOlR0RFwS365IMxbpljhyquGmPwm53XelJ2n
5w7BPCVwgPbtdtyzE6LoR1MY2zg6vATpyecATb00gWyL1K4zoQi+zNwOifhG0wv8
e5SICAfU+Jjuwa61zQIDAQAB
-----END PUBLIC KEY-----
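Since the article states that the two variants differ mainly in which bundled RSA key encrypts the AES file key, a defender will want to turn the key blocks above into something that can be matched and tracked. The following is an added example written for this page, not code from E安全 or from any CryptoMix analysis tool. Using only the Python standard library, it extracts every PEM public key from pasted text (tolerating the stray spaces and blank lines the page layout introduced), decodes the DER SubjectPublicKeyInfo by hand to confirm each key is a 1024-bit rsaEncryption key, reads the public exponent, and produces a SHA-256 fingerprint of the DER that can be listed as an indicator alongside the file hashes. The embedded sample text is constructed from the first NOOB key and the first ZAYKA key as they appear above; all function and constant names are the example's own.

```python
import base64
import hashlib
import re

# Constructed sample input: the first NOOB key and the first ZAYKA key copied from
# the article, including the stray spaces and blank lines the page layout added.
# Any text containing PEM public-key blocks can be passed in instead.
SAMPLE_TEXT = """
Bundled NOOB public RSA-1024 keys
-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTp02+iahQUVQQSGTYcAgUdyn8 R6D3+q/M1GwA4c6ePwXlsEJC8UC4hDE4otjs4Vae0MauQrvkYo2rnilCpiqsv0Oo

OjDgOHhHI1vUILpWjAVRu61DORWqdvQEH3x9GfGRIulKwhVdzll5sGS9pyGWAAGq XvJ8T/ods5V+M3nFvQIDAQAB

-----END PUBLIC KEY-----

Bundled ZAYKA public RSA-1024 keys
-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCADIK8Hi/vs+urnYqWyH+fkMt6

lCsS1uf4wokMgfnbNxe+rKsmM8KuRTkIics/BuGHUlK0RZ6DKJds8ud4aaUvNWIe

21h8WGAk+mEkkP9b5jf6Y0emzJywOkoLeBKQtDnf+mfMVHXVx5cMxsPaEhaDY6uQ qwS4M2uDeFW0FEbeQwIDAQAB

-----END PUBLIC KEY-----
"""

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S)


def pem_body_to_der(body: str) -> bytes:
    """Drop every whitespace character (spaces, blank lines) and base64-decode."""
    return base64.b64decode(re.sub(r"\s+", "", body), validate=True)


def read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_spki(der: bytes):
    """Return (modulus_bits, public_exponent) from a SubjectPublicKeyInfo blob."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, pos = read_tlv(spki, 0)      # AlgorithmIdentifier ::= SEQUENCE { OID, NULL }
    oid_tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(spki, pos)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bitstr[0] != 0:      # first byte = number of unused bits, must be 0
        raise ValueError("unexpected BIT STRING")
    _, rsa_pub, _ = read_tlv(bitstr[1:], 0)        # SEQUENCE { n INTEGER, e INTEGER }
    tag_n, n_bytes, pos = read_tlv(rsa_pub, 0)
    tag_e, e_bytes, _ = read_tlv(rsa_pub, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("expected modulus and exponent INTEGERs")
    n = int.from_bytes(n_bytes, "big")     # a leading 0x00 sign byte contributes nothing
    e = int.from_bytes(e_bytes, "big")
    return n.bit_length(), e


def profile_keys(text: str) -> list:
    """Find every PEM public key in text and describe it for an IOC list."""
    profiles = []
    for body in PEM_RE.findall(text):
        der = pem_body_to_der(body)
        bits, e = parse_rsa_spki(der)
        profiles.append({
            "modulus_bits": bits,
            "exponent": e,
            "der_len": len(der),
            "spki_sha256": hashlib.sha256(der).hexdigest(),  # stable identifier for the key
        })
    return profiles


if __name__ == "__main__":
    for profile in profile_keys(SAMPLE_TEXT):
        print(profile)
```

Running the script on the full key lists above yields one fingerprint per bundled key; because a sample carries only the keys of its own variant, matching a recovered key's SPKI fingerprint against this list tells an analyst which variant (NOOB or ZAYKA) a sample belongs to without relying on the file extension, which the article notes is the other, more easily changed, difference.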

E安全 note: This article is an exclusive E安全 compilation. Contact us for authorization before reprinting, retain the source and link, and do not abridge the content. Contact: ① WeChat zhu-geliang ② email eapp@easyaq.com