Locky ransomware

Forum for analysis and discussion about malware.
User avatar
xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Fri Nov 25, 2016 7:23 pm

.zzzz extension from Word file
You do not have the required permissions to view the files attached to this post.
@xorsthings

Bogdan-Mihai
Posts: 16
Joined: Thu Mar 24, 2016 9:37 am

Re: Locky ransomware

Post by Bogdan-Mihai » Tue Nov 29, 2016 10:46 am

Same as above ".zzzz" extension, but an Locky excel macro sample from today malspam.
VT: https://www.virustotal.com/en/file/af59 ... /analysis/

C&C still up at the time of this post.
You do not have the required permissions to view the files attached to this post.

Bogdan-Mihai
Posts: 16
Joined: Thu Mar 24, 2016 9:37 am

Re: Locky ransomware

Post by Bogdan-Mihai » Tue Dec 06, 2016 10:40 am

New version with .osiris extension.

https://www.bleepingcomputer.com/news/s ... extension/

If I catch one, I`ll post it here asap.

Antelox
Posts: 153
Joined: Sun Mar 21, 2010 10:38 pm
Contact:

Re: Locky ransomware

Post by Antelox » Tue Dec 06, 2016 11:17 am

Bogdan-Mihai wrote:New version with .osiris extension.

https://www.bleepingcomputer.com/news/s ... extension/

If I catch one, I`ll post it here asap.
XLS dropper and Locky payload with .osiris extension as well.

BR,

Antelox
You do not have the required permissions to view the files attached to this post.

User avatar
xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Wed Dec 07, 2016 3:54 pm

.osiris extension
You do not have the required permissions to view the files attached to this post.
@xorsthings

User avatar
xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Thu Jun 22, 2017 9:16 am

.loptr extension
You do not have the required permissions to view the files attached to this post.
@xorsthings

Post Reply