Trolldesh Ransomware Dropper

Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors.
The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper:
hxxp://doolaekhun[.]com/cgi-bin/[redacted].php
This type of infected URL is usually spread through malicious emails or through services like social media.

Malicious “JSC Airline” JScript File

Once a victim clicks the URL and loads it, a JScript file downloads to the victim’s computer.
Continue reading Trolldesh Ransomware Dropper at Sucuri Blog.

https://blog.sucuri.net/2019/08/trolldesh-ransomware-dropper.html
