Magniber Ransomware Used a Variant of Microsoft SmartScreen Bypass with Malformed Signature


Tags: Magniber, SmartScreen, Ransomware

Magniber ransomware, which targeted Asian countries in 2017, has continued its attacks since 2021 with an expanded set of targets worldwide.

Indicators of Compromise


Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Remediations
Security Recommendation

  • Magniber ransomware relies on tricking people into opening fake software updates. Enterprises are advised to verify the source of all software and operating system security updates and to download them only from trusted sources such as Windows Update and official software vendor websites. Executing files from unknown sources should also be avoided.
  • Review important servers and workstations for unexpected scheduled tasks and abnormal files.
  • Tighten network access controls. Where possible, create an allow list so that clients may reach only approved categories of websites, and block access to other non-essential external network services.
  • Restrict the login sources and methods for high-privileged administrator accounts. For example, follow the principle of least privilege by using administrator accounts only when performing privileged tasks, or allow privileged accounts to log in only from secure management hosts.
  • Back up corporate data regularly. Follow the 3-2-1 principle: keep three copies of important files, stored on two different types of media, with one copy located in a remote or secure location.

Observed Countries (10)

AU (392)
DE (303)
FR (168)
IT (708)
JP (60)
KP (974)
NZ (441)
TR (547)
TW (633)
US (643)