The Long Run of Shade Ransomware
Security Affairs
FEBRUARY 19, 2019
The phishing email contains a .zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. Shade connects to its C2 server using embedded TOR libraries and downloads additional modules, such as the aforementioned “CMSBrute” or the “ZCash miner” one.