

Bookmark for reference: a classified collection of ransomware families

2019-03-12 21:23


As of March 2019, a collection of common ransomware families and the indicators associated with them:

1. Phobos

Infection signature (renamed file): <original filename>.ID-<random 8-character string>.<email address>.Phobos

Ransom note: Encrypted.txt, Phobos.hta, data.hta

Example: readme.txt.ID-16E86DC7.[[email protected]].phobos

Collected extensions: [[email protected]].phobos

2. GandCrab

Versions seen: GANDCRAB V5.0.4, GANDCRAB V5.1, GANDCRAB V5.2

Infection signature (renamed file): <original filename>.<random string>

Ransom note: <random string>-DECRYPT.txt, <random string>-MANUAL.txt (the random string is the same one appended to the encrypted files)

Example: readme.txt.pfdjjafw

3. GlobeImposter 3.0 (the "Chinese zodiac" ransomware)

Infection signature (renamed file): <original filename>.XXXX4444

Ransom note: HOW_TO_BACK_FILES.txt, how_to_back_files.htm

Example: readme.txt.Monkey4444

Collected extensions: .China4444 .Help4444 .Rat4444 .Ox4444 .Tiger4444 .Rabbit4444 .Dragon4444 .Snake4444 .Horse4444 .Goat4444 .Monkey4444 .Rooster4444 .Dog4444 .all4444 .Pig4444 .Alco4444, among others

4. Crysis (Dharma)

Infection signature (renamed file): <original filename>.ID-<random 8-character string>.<email address>.<family extension>

Ransom note: FILES ENCRYPTED.txt, data files encrypted.txt, info.hta

Examples: readme.txt.ID-16E86DC7.[[email protected]].btc, readme.txt.id-F06E54C7.[[email protected]].ETH

Collected extensions: .ETH .btc .adobe .bkpx .tron .bgtx .combo .gamma .block .bip .arrow .cesar .arena

5. CryptON (x3m)

Infection signature (renamed file): <original filename>.<random string ID>.<email address>.x3m

Ransom note: DECRYPT-MY-FILES.txt, HOW TO DECRYPT FILES.htm

Example: readme.txt.id16e86dc7[[email protected]].x3m

Collected extensions: .x3m .nemesis .x3m-pro .X3M .mf8y3 .nem2end

6. PRCP (Matrix variant)

Infection signature (renamed file): [email address].<ciphertext 1>-<ciphertext 2>.PRCP

Ransom note: #README_PRCP#.rtf

Example: [[email protected]].A6QkjniCc-Plvdd5kn.PRCP

Collected extensions: .PRCP

7. Clop

Infection signature (renamed file): <original filename>.Clop

Ransom note: ClopReadMe.txt

Example: ReadMe.txt.Clop

Collected extensions: .Clop

8. PyLocky

Infection signature (renamed file): <original filename>.pyd

Ransom note: LOCKY_README.txt

Examples: ReadMe.txt.pyd, ReadMe.txt.lockymap

Collected extensions: .pyd .lockedfile .lockymap

9. Other ransomware

Examples (renamed-file patterns of the form {email address}EXT):

{[email protected]}MTP

{[email protected]}BJ

{[email protected]}AOL

{[email protected]}MG

{[email protected]}MGH

{[email protected]}XX

Collected extensions (family in parentheses where known): .HRM .ITLOCK .rapid .master .Lock .sicck .lucky .satan .Boom .Indrik .aes256 .tunca .vacv2 .bin .locked_by_mR_Anonymous(TZ_HACKERS) .luudjvu .udjvu .udjvuq .satana .vulston .wq2k (B2DR) .nano (Scarab) .nostro .cryptoid (RICKROLL LOCKER) .tfudet .Djvur .Djvuu .djvut .rumba .tfudeq (Stop) .xcry7684 (XCry) .gif .AUF (Dharma) .data .PC-FunHACKED!-Hello (Jigsaw) .xyz (Paradise) GMPF (Matrix) .[[email protected]] (Scarab) Anatova .btc .obfuscated .GMBN .SPCT .CHRB .PLANT .PEDANT (Matrix) .xwx .USA .best .heets .qwex .air .888 .frend .amber .KARLS (Dharma) .healforyou .ANAMI (GlobeImposter family) .krab .cupcupcup .crash .GEFEST3 .secure .nosafe (Scarab) .pennywise .paycoin (Jigsaw) .[[email protected]] (Jaffe) .adobe .rumba (Stop) .cryptotes (Rotorcrypt) .STUB (Paradise) .locked (LockerGoga) .vaca .mbrcodes .mafee .Mcafee (Xorist) .cosanostra (GarrantyDecrypt) .cripton (Creeper) ...
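As an added example that is not part of the original post, the following Python classifier turns the renamed-file patterns collected above into regular expressions and, for GandCrab, recovers the random suffix from the ransom-note name instead of guessing it; the directory listing and the e-mail address it uses are constructed placeholders.

```python
import re
from collections import Counter
# Added example, not from the original post: regexes follow the renaming
# patterns listed above; the sample listing and e-mail address are constructed.
EMAIL = r"\[[^\]\s]+@[^\]\s]+\]"  # bracketed contact address, e.g. [x@y.z]
DHARMA_EXT = "eth|btc|adobe|bkpx|tron|bgtx|combo|gamma|block|bip|arrow|cesar|arena"
X3M_EXT = "x3m|x3m-pro|nemesis|mf8y3|nem2end"
# Phobos and Crysis/Dharma share <name>.ID-<8 hex>.<[email]>.<ext>, so the
# more specific final extension (.phobos) is tried first.
PATTERNS = [
    ("Phobos", re.compile(rf"\.ID-[0-9A-F]{{8}}\.{EMAIL}\.phobos$", re.I)),
    ("Crysis/Dharma", re.compile(rf"\.ID-[0-9A-F]{{8}}\.{EMAIL}\.({DHARMA_EXT})$", re.I)),
    ("CryptON (x3m)", re.compile(rf"\.id[0-9a-f]{{8}}{EMAIL}\.({X3M_EXT})$", re.I)),
    ("GlobeImposter 3.0", re.compile(r"\.[A-Za-z]+4444$")),
    ("PRCP (Matrix)", re.compile(rf"^{EMAIL}\.[A-Za-z0-9]+-[A-Za-z0-9]+\.PRCP$")),
    ("Clop", re.compile(r"\.Clop$")),
    ("PyLocky", re.compile(r"\.(pyd|lockedfile|lockymap)$", re.I)),
]
GANDCRAB_NOTE = re.compile(r"^([a-z]+)-(DECRYPT|MANUAL)\.txt$")

def classify(filename):
    """Return the family whose renaming pattern matches, or None."""
    for family, pattern in PATTERNS:
        if pattern.search(filename):
            return family
    return None

def gandcrab_suffixes(filenames):
    """GandCrab's suffix is random: recover it from <suffix>-DECRYPT.txt /
    <suffix>-MANUAL.txt and keep it only if some file carries that suffix."""
    notes = {m.group(1) for f in filenames if (m := GANDCRAB_NOTE.match(f))}
    return {s for s in notes if any(f.endswith("." + s) for f in filenames)}

def scan(filenames):
    """Count renamed files per family for one directory listing."""
    hits = Counter(fam for fam in map(classify, filenames) if fam)
    for suffix in gandcrab_suffixes(filenames):
        hits["GandCrab"] += sum(f.endswith("." + suffix) for f in filenames)
    return dict(hits)

SAMPLE_LISTING = [  # constructed listing of an infected share
    "budget.xlsx.ID-16E86DC7.[attacker@example.com].phobos", "plan.pdf.Monkey4444",
    "notes.docx.id-F06E54C7.[attacker@example.com].ETH", "report.doc.Clop",
    "photo.jpg.id16e86dc7[attacker@example.com].x3m", "ClopReadMe.txt",
    "[attacker@example.com].A6QkjniCc-Plvdd5kn.PRCP", "readme.txt",
    "db.bak.pfdjjafw", "pfdjjafw-DECRYPT.txt",  # GandCrab: only the note reveals the suffix
]
if __name__ == "__main__":
    for name in SAMPLE_LISTING:
        print(f"{name:50} -> {classify(name)}")
    print(scan(SAMPLE_LISTING))
```

Ransom-note names (ClopReadMe.txt, HOW_TO_BACK_FILES.txt and the like) are left unclassified on purpose; they are better matched by a separate note-name list than by the renaming patterns.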

Original article: https://blog.csdn.net/AnHengData/article/details/87928476
