CERTFR-2019-ALE-003

Vulnerability from certfr_alerte - Published: - Updated:

See the Provisional workaround section for the indicators of compromise.

Solution

ANSSI recommends complying with the measures set out in the following information note: /information/CERTFR-2017-INF-001/

Provisional workaround

Indicators of compromise


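LockerGoga (contact e-mail addresses):

  • CottleAkela@protonmail.com
  • QyavauZehyco1994@o2.pl
  • IjuqodiSunovib98@o2.pl
  • AbbsChevis@protonmail.com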


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "",
  "closed_at": "2019-06-20",
  "cves": [],
  "links": [
    {
      "title": "De nombreux articles de presse sp\u00e9cialis\u00e9e et rapports d\u0027\u00e9diteurs donnent des informations suppl\u00e9mentaires :",
      "url": "https://cert.ssi.gouv.fr/actualite/CERTFR-2019-ACT-005/"
    }
  ],
  "reference": "CERTFR-2019-ALE-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-01-31T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027une coquille sur le nom LockerGoga",
      "revision_date": "2019-02-01T00:00:00.000000"
    },
    {
      "description": "Correction bogue de mise en page",
      "revision_date": "2019-02-04T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien vers un bulletin d\u0027actualit\u00e9 d\u00e9di\u00e9 \u00e0 la menace des ran\u00e7ongiciels",
      "revision_date": "2019-03-26T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte",
      "revision_date": "2019-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "S\u0027ex\u00e9cuter avec des privil\u00e8ges de compte administrateur (samsam)"
    },
    {
      "description": "D\u0027utiliser des certificats d\u0027authentification sign\u00e9s par une autorit\u00e9 de certification (c\u0027est le cas de lockergoga par exemple)"
    },
    {
      "description": "De contourner des solutions antivirales (notamment samsam et ryuk)"
    }
  ],
  "summary": "Voir la rubrique Contournement Provisoire pour les indicateurs de\ncompromission.\n",
  "title": "Campagnes de ran\u00e7ongiciels",
  "vendor_advisories": []
}

