
Over the last couple of days we have detected a high number of distribution campaigns for the Ransomware/Cryptol0cker.
The attached files are .js and .doc files, and the e-mail subject consists of the prefix “Contratto” followed by 6 decimal digits:
Contratto [XXXXXX]
Example:
Contratto 129917
Contratto 165738
The names of the attached files follow this pattern:
[XXXXXX].doc
[XXXX].js
Example:
447095.doc
5044.js
When opened, the files download and execute the Ransomware/Cryptol0cker from the following URL:
hxxp://twentymind.tw/file/dew.fgh
The downloaded file has the following MD5:
6526CF077EA67E41F643F5357C20AFBC
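A mail-triage check built from the subject and attachment-name patterns above, as an added example that is not part of the original advisory. The function names, the constructed sample messages and the rule of flagging only when both traits match are assumptions made here.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Patterns taken from the advisory: subject "Contratto" + 6 digits,
# attachments named [6 digits].doc or [4 digits].js.
SUBJECT_RE = re.compile(r"\s*Contratto\s+\d{6}\s*", re.IGNORECASE)
ATTACH_RE = re.compile(r"\d{6}\.doc|\d{4}\.js", re.IGNORECASE)


def triage(raw: str) -> dict:
    """Report which campaign traits a raw RFC 5322 message matches."""
    # policy.default decodes RFC 2047 encoded headers and filenames.
    msg = message_from_string(raw, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.fullmatch(str(msg.get("Subject", ""))))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    attach_hits = [n for n in names if ATTACH_RE.fullmatch(n)]
    return {
        "subject": subject_hit,
        "attachments": attach_hits,
        # Assumption: flag only when both traits agree, so ordinary mail
        # that merely mentions "Contratto" is not quarantined.
        "quarantine": subject_hit and bool(attach_hits),
    }


def build_sample(subject: str, filename: str) -> str:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, fname in [("Contratto 129917", "447095.doc"),
                        ("Contratto 165738", "5044.js"),
                        ("Contratto 129917", "notes.txt")]:
        print(subj, fname, triage(build_sample(subj, fname)))
```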