Some info tweeted by my fellow Palo Alto Networks colleagues on the birdsite!
2023-03-30 (Thursday): Kudos to my Palo Alto Networks colleagues who found and reported a new ransomware calling itself "Cylance Ransomware"
These #CylanceRansomware samples are available at Malware Bazaar.
Linux ELF: https://bazaar.abuse.ch/sample/d1ba6260e2c6bf82be1d6815e19a1128aa0880f162a0691f667061c8fe8f1b2c/
Windows EXE: https://bazaar.abuse.ch/sample/7a5e813ec451cde49346d7e18aca31065846cafe52d88d08918a297196a6a49f/
I saw the following HTTP POST requests from my test of #CylanceRansomware EXE for Windows:
- hxxp://139.99.233[.]175/r1.php
- hxxp://139.99.233[.]175/r2.php
The HTTP POST traffic sent a base64 string with info on victim & encrypted files.
No traffic when I ran the #CylanceRansomware ELF in Linux
And as some of you may know, Cylance is the name Blackberry uses for it's enterprise cybersecurity products.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.