ShadowRoot Ransomware Targeting Turkish Businesses
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
An analysis reveals a basic ransomware campaign targeting Turkish enterprises. The attack commences with a malicious PDF attachment delivered via email, containing a link that downloads an executable payload. This executable then drops further components, including a .NET binary obfuscated with dotnet confuser. The malware recursively encrypts files with the .shadowroot extension and communicates with a Russian SMTP server. While exhibiting fundamental functionality, this campaign appears to be the work of an inexperienced actor aiming to extort victims through ransom demands.
OPENCTI LABELS :
ransomware,türkiye
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
ShadowRoot Ransomware Targeting Turkish Businesses