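More global cybersecurity news is available on the E安全 (E Security) official site: www.easyaq.com
E安全, July 22: The CryptoMix ransomware is releasing new variants at lightning speed, which calls to mind the way the Locky developers distributed Locky.
On July 19 (US time), Michael Gillespie of ID-Ransomware and Malwarebytes malware researcher Marcelo Rivero discovered two new CryptoMix ransomware variants. The two variants append the NOOB or ZAYKA extension to encrypted files, but give the same contact email address, admin@zayka.pro, for victims to request payment instructions.
What has changed in the NOOB and ZAYKA ransomware variants?
The first variant to use the zayka.pro email address is NOOB, which comes with a very short ransom note.
The ransom note displayed by the ZAYKA variant is longer.
The extensions of the encrypted files also differ. Notably, the NOOB variant appends the NOOB extension, while ZAYKA appends the ZAYKA extension. An example of an encrypted folder is shown below:
The main difference between the two variants is that they use different public RSA encryption keys to encrypt the AES key (which is used to encrypt the victim's files).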
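File hashes:
File names associated with the NOOB and ZAYKA CryptoMix variants:
NOOB ransom note text:
ZAYKA ransom note text:
Email addresses associated with the NOOB and ZAYKA ransomware:
Bundled NOOB public RSA-1024 keys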
Bundled ZAYKA public RSA-1024 keys
July 2017