So here, the big news is in fact that South America is now a potential target for Cool EK and Reveton, because they have updated the design of their ransomware, adding new countries. But we can't call this "Spring Collection" for sure...
Same design as Urausy (but video on the left)...kind of disappointing...
Knowing that the Urausy design is itself inspired by the Reveton design from last summer...
It looks like one "designer" is becoming the only one in the game now.
One more
And if you wonder what other countries look like, just refer to the Urausy Collection. (I am slowly updating the botnets.fr Reveton page too.)
So this move allows the Reveton team to target more countries (we can suppose the same as the Urausy team), for instance:
Argentina :
and Mexico
Expect : NZ, BO, EC, AR, UY
C&C Redirector now ?
Files ?
4 samples (OwnCloud via Goo.gl)
In that zip you'll find :
f1bf137d73d5323a2d71d921bd99ca42 (a downloader (CVE-2013-0634 dropped) )
1669bbd10bc2f350f7d450e0969a5a8a
445af5fec3322d5e3a04690e30322d79
d182165a9e6ec130932c2273870d2eda
Reading :
Don’t Pay Up – How To Beat Ransomware! - 2013-04-05 - MakeUseOf - Guy McDowell
Reveton US 2013-04
Reveton FR 2013-04
Reveton AR 2013-04
Reveton MX 2013-04
Reveton Calling Home