Ransomware report: the rise of BandarChor
Revision as of 21:34, 10 August 2015 by Eric.freyssinet
Ransomware report: the rise of BandarChor | |
---|---|
Botnet | BandarChor |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-03-06 |
Editor/Conference | F-Secure |
Link | https://www.f-secure.com/weblog/archives/00002795.html (Archive copy) |
Author | FSLabs |
Type | Blogpost |
Abstract
“This week, we have received a number of reports on yet another ransomware, BandarChor.
This ransomware is not exactly fresh. The first infections that we've noticed related to this family came already last November.
We have had reports of BandarChor being spread via email and have seen indicators that it may have been distributed by exploit kits.
Upon execution, the malware drops a copy of itself in Startup directory as well as the ransom notification image.”
Bibtex
@misc{2015BFR4631,
  editor = {F-Secure},
  author = {FSLabs},
  title = {Ransomware report: the rise of BandarChor},
  date = {06},
  month = Mar,
  year = {2015},
  howpublished = {\url{https://www.f-secure.com/weblog/archives/00002795.html}},
}