Tool: GlobeImposter| Names | GlobeImposter Fake Globe | |
| Category | Malware | |
| Type | Ransomware | |
| Description | (Malwarebytes) Ransom.GlobeImposter is a ransomware application that will encrypt files on a victim machine and demand payment to retrieve the information. Ransom.GlobeImposter is also known as Fake Globe due to how the software mimics the Globe ransomware family. Ransom.GlobeImposter may be distributed through a malicious spam campaign, recognizable only with their lack of message content and an attached ZIP file. This type of spam is called a “blank slate.” Ransom.GlobeImposter is also distributed via exploits and malicious advertising, fake updates, and repacked infected installers. | |
| Information | <https://blog.malwarebytes.com/detections/ransom-globeimposter/> <https://www.bleepingcomputer.com/news/security/new-doc-globeimposter-ransomware-variant-malspam-campaign-underway/> <https://blog.fortinet.com/2017/08/05/analysis-of-new-globeimposter-ransomware-variant> <https://info.phishlabs.com/blog/globe-imposter-ransomware-makes-a-new-run> <https://isc.sans.edu/diary/23417> <https://blog.ensilo.com/globeimposter-ransomware-technical> <https://www.acronis.com/en-us/blog/posts/globeimposter-ransomware-holiday-gift-necurs-botnet> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.globeimposter> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:GlobeImposter> | |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Previous: GlitchPOS
Next: GLOOXMAIL
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | TA505, Graceful Spider, Gold Evergreen |  | 2006-Oct 2020  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |