2017-08-08 - QUICK POST: MALSPAM PUSHING GLOBEIMPOSTER RANSOMWARE

ASSOCIATED FILES:

• Zip archive of the emails, malware, and artifacts:  2017-08-08-GlobeImposter-malspam-and-artifacts.zip   305 kB (305,003 bytes)
• Zip archive of the spreadsheet tracker:  2017-08-08-GlobeImposter-malspam-tracker.csv.zip   1.1 kB (1,080 bytes)
• Zip archive of the pcap:  2017-08-08-GlobeImposter-malspam-traffic.pcap.zip   230 kB (229,577 bytes)

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

NOTES:

• Just documenting what several people have already tweeted about.
• Today's GlobeImposter ransomware used ..txt as the file extension for encrypted files.
• Read_ME.html was used for the ransom payment instructions.

 

Shown above:  Some information from the spreadsheet tracker.

 

Click here to return to the main page.