2017-07-29 - "BLANK SLATE" CAMPAIGN PUSHES BTCWARE (ALETA VARIANT) RANSOMWARE

NOTICE:

ASSOCIATED FILES:

BACKGROUND:

TODAY'S NOTES:

 

EMAILS


Shown above:  Example of the emails seen.

 


Shown above:  Samples collected as noted in the spreadsheet tracker.

 

TRAFFIC


Shown above:  Traffic from an infection filtered in Wireshark.

 

URLS GENERATED BY THE EXTRACTED .JS FILES TO GET THE RANSOMWARE:

 

EMAIL FROM THE DECRYPTION INSTRUCTIONS:

 

SHA256 HASHES

FILE ATTACHMENTS (ZIP ARCHIVES):

 

EXTRACTED .JS FILES:

 

BTCWARE (ALETA VARIANT) RANSOMWARE SAMPLE:

 

IMAGES


Shown above:  Desktop of a Windows host infected with today's BTCware sample.

 

Click here to return to the main page.