Distribution of Magniber Ransomware Stops (Since August 25th)

by Prapattimynk, Wednesday, 11 October 2023 (5 months ago)
Distribution of Magniber Ransomware Stops (Since August 25th)


Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method which abuses typos in domain addresses. After the blocking rules of the injection technique used by Magniber were distributed, ASEC published a post about the relevant information on August 10th.

Subsequently, the number of cases diminished as the creator of Magniber conducted various detection bypass tests, and as of August 25th, the distribution of the Magniber ransomware has halted

Since its initial appearance in 2016, Magniber has never taken a break from distribution for such a long period of time (usually resuming distribution with a new technique to bypass detection within 2 weeks to a month). The count graph for the detection rules is displayed below. Since August 25th, no further detections have been reported, and the distribution was found to be halted.

Graph of Magniber detection rules

Magniber is a ransomware that is distributed with various anti-malware evasion techniques and also has a rapidly evolving method of distribution. As this halt in distribution could actually be an indication that a change may occur in the distribution method or that it may return with a new vulnerability or additional anti-malware evasion technique, continuous monitoring is necessary.

[Magniber Behavior Detection]
– Ransom/MDP.Magniber.M4687 (2022.08.03.03)
– Ransom/MDP.Magniber.M4683 (2022.07.19.00)

[Magniber File Detection]
-Ransomware/Win.Magniber.C5468545(2023.08.09.02)

Subscribe to AhnLab’s next-generation threat intelligence platform ‘AhnLab TIP’ to check related IOC and detailed analysis information.

Comments

Your email address will not be published. Required fields are marked *

Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.