As of April 2019, the security team (WeChat official account: 网安众安) has compiled the following collection of ransomware families and related indicators:
1. GANDCRAB ransomware
Versions: GANDCRAB V5.0.4, GANDCRAB V5.1, GANDCRAB V5.2
Encrypted file pattern: <original file name>.<random string>
Ransom note: <random string>-DECRYPT.txt  <random string>-MANUAL.txt
Example: readme.txt.pfdjjafw
2. GlobeImposter 3.0 ransomware (the "Twelve Zodiac" family)
Encrypted file pattern: <original file name>.XXXX4444
Ransom note: HOW_TO_BACK_FILES.txt  how_to_back_files.htm
Example: readme.txt.Monkey4444
Collected extensions:
.China4444 .Help4444 .Rat4444 .Ox4444 .Tiger4444 .Rabbit4444
.Dragon4444 .Snake4444 .Horse4444 .Goat4444 .Monkey4444
.Rooster4444 .Dog4444 .all4444 .Pig4444 .Alco4444 etc.
3. GlobeImposter 5.0 ransomware
Encrypted file pattern: <original file name>.{<email>}AOL
Ransom note: how_to_back_files.htm
Example: ReadMe.txt.{[email protected]}AOL
Collected extensions:
{[email protected]}AOL and other .com}AOL extensions
{[email protected]}MTP
{[email protected]}MGH
{[email protected]}CMG
{[email protected]}MG
4. Crysis (Dharma) ransomware
Encrypted file pattern: <original file name>.ID-<random 8-character string>.<email address>.<extension>
Ransom note: FILES ENCRYPTED.txt  data files encrypted.txt  info.hta
Examples:
readme.txt.ID-16E86DC7.[[email protected]].btc
readme.txt.id-F06E54C7.[[email protected]].ETH
Collected extensions:
.ETH .btc .adobe .bkpx .tron .bgtx .combo .gamma .block .bip .arrow
.cesar .arena
5. Phobos ransomware
Encrypted file pattern: <original file name>.ID-<random 8-character string>.<email address>.Phobos
Ransom note: Encrypted.txt  Phobos.hta  data.hta
Example: readme.txt.ID-16E86DC7.[[email protected]].phobos
Collected extensions: [[email protected]].phobos
6. CryptON (x3m) ransomware
Encrypted file pattern: <original file name>.<random string ID>.<email address>.x3m
Ransom note: DECRYPT-MY-FILES.txt  HOW TO DECRYPT FILES.htm
Example: readme.txt.id16e86dc7[[email protected]].x3m
Collected extensions:
.x3m .X3M .nemesis .x3m-pro .mf8y3 .nem2end
7. PRCP ransomware (Matrix variant)
Encrypted file pattern: [<email address>].<ciphertext>-<ciphertext>.PRCP
Ransom note: #README_PRCP#.rtf
Example: [[email protected]].A6QkjniCc-Plvdd5kn.PRCP
Collected extensions: .PRCP
[email protected]
[email protected]
8. AUCHENTOSHAN ransomware
Encrypted file pattern: <original file name>.auchentoshan
Ransom note: [email protected]
Example: ReadMe.txt.auchentoshan
Collected extensions: .auchentoshan
9. Clop ransomware
Encrypted file pattern: <original file name>.Clop
Ransom note: ClopReadMe.txt
Example: ReadMe.txt.Clop  [email protected]
Collected extensions: .Clop
10. PyLocky ransomware
Encrypted file pattern: <original file name>.pyd
Ransom note: LOCKY_README.txt
Examples: ReadMe.txt.pyd  ReadMe.txt.lockymap
Collected extensions: .pyd .lockedfile .lockymap
11. ITLOCK ransomware
Encrypted file pattern: [<email>].<string>-<string>.ITLOCK
Ransom note: !README_ITLOCK!
Example: [[email protected]].63Nv1K7q-xCeWZJaH.ITLOCK
Collected extensions: .ITLOCK
[email protected]
[email protected]
[email protected]
12. sherhagdomski ransomware
Encrypted file pattern: <file name>[email protected]_bid
Ransom note: how_to_back_files.html
Example: [email protected]_bid
Collected extensions:
[email protected]_bid
[email protected]
13. Satan ransomware
Encrypted file pattern: <file name>.satan
Ransom note: [email protected]
Example: ReadMe.txt.satan
Collected extensions:
.lucky .satan .sicck .dbger
Indicators for other ransomware families
Collected ransom e-mail addresses:
Collected extensions:
{[email protected]}XX
.HRM .rapid .master .Lock .sicck .lucky .satan .Boom .Indrik .aes256
.tunca .vacv2 .locked_by_mR_Anonymous(TZ_HACKERS)
.luudjvu .udjvu .udjvuq .satana .vulston
.wq2k (B2DR ransomware)
.nano (Scarab ransomware)
.nostro
.cryptoid (RICKROLL LOCKER ransomware)
.tfudet .Djvur .Djvuu .djvut .rumba
.tfudeq (Stop ransomware)
.xcry7684 (XCry ransomware)
.AUF (Dharma ransomware)
.PC-FunHACKED!-Hello (Jigsaw ransomware)
.xyz (Paradise ransomware)
.GMPF (Matrix ransomware)
.[[email protected]] (Scarab ransomware)
.Anatova (Anatova ransomware)
[email protected] [email protected] .obfuscated .GMBN .SPCT
.CHRB .PLANT
.PEDANT (Matrix ransomware)
.xwx .USA .best .heets .qwex .air .888 .frend .amber
.KARLS (Dharma ransomware)
.healforyou
.ANAMI (GlobeImposter family)
.krab .cupcupcup .crash .GEFEST3 .secure
.nosafe (Scarab ransomware) .pennywise
.paycoin (Jigsaw ransomware)
.[[email protected]] (Jaffe ransomware)
.rumba (Stop ransomware)
.cryptotes (Rotorcrypt ransomware)
.STUB (Paradise ransomware)
.locked (LockerGoga ransomware)
.vaca .mbrcodes
.mafee .Mcafee (Xorist ransomware)
.cosanostra (GarrantyDecrypt ransomware)
.cripton (Creeper ransomware)
.Jnec
.YYYYBJQOQDU
.tater
…
For more ransomware families, add our security engineer on WeChat (ahsjzj) for professional analysis.
Original article: https://blog.51cto.com/14282593/2375706