IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis experts

FQDNs, URLs, IP addresses, etc. are posted as they are

Snake / EKANS (2020/01/08)


■Hash information (SHA256) - Snake Ransomware -


(The above is information from MalwareHunterTeam. Source: )

■Ransom note - Snake Ransomware -

What happened to your files?

We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more -

all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But dont worry!

You can still get those files back and be up and running again in no time.

How to contact us to get your files back?

The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network.

Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with

better cyber security in mind. If you are interested in purchasing the decryption tool contact us at

How can you be certain we have the decryption tool?

In your mail to us attach up to 3 files (up to 3MB, no databases or spreadsheets).

We will send them back to you decrypted.

◆SNAKE Ransomware Is the Next Threat Targeting Business Networks (BleepingComputer, 2020/01/08 03:30)