{"id":21822,"date":"2022-10-26T08:57:37","date_gmt":"2022-10-26T08:57:37","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=21822"},"modified":"2026-04-17T18:07:43","modified_gmt":"2026-04-17T18:07:43","slug":"stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/","title":{"rendered":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware"},"content":{"rendered":"\n

Overview<\/strong><\/h2>\n\n\n\n

The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily used to blackmail individuals with a relatively low ransom around USD 2,500. The Magniber ransomware can neither be transmitted automatically nor used to upload user files, but encrypt files only. Here listed some Magniber-related ransom activities in 2022:<\/p>\n\n\n\n

In January 2022, the Magnber ransomware was disguised as a signed APPX file to infect the users’ hosts when the user updated their Chrome and Edge browsers.<\/p>\n\n\n\n

In April 2022, the Magniber ransomware was disguised as Windows 10 updates (.msi file) and was distributed through malicious websites to infect user hosts.<\/p>\n\n\n\n

In September 2022, the improved Magnber ransomware was disguised as a JavaScript (.js file) to infect the users’ hosts.<\/p>\n\n\n\n

Attack Method<\/strong><\/h2>\n\n\n\n

The new variant of Magniber captured in September 2022 used an attack method similar to that in May this year – masquerading as a Windows update file to encrypt the users’ host files for ransom.<\/p>\n\n\n\n

\"Red<\/a><\/figure>\n\n\n\n

Magniber samples disguised as Windows update files(.msi file) in May 2022<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Magniber samples disguised as Windows update file (.js file)in September 2022<\/p>\n\n\n\n

Reverse Analysis<\/strong>  <\/h2>\n\n\n\n

Before we dive into the details, let’s see the implementation process first.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Implementation process<\/p>\n\n\n\n

1. JavaScript file<\/strong><\/p>\n\n\n\n

This time the Magniber ransomware was written in JavaScript, and its code was obfuscated <\/a>slightly.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

JavaScript code used in Magniber ransomware<\/p>\n\n\n\n

When we examined the code, we found that the JavaScript code in the Magniber ransomware was similar to the code generated by an open-source tool GadgetToJScript.<\/p>\n\n\n\n

With this tool, .NET programs can be encapsulated in JS, VBS, VBA or HTA scripts. Although the sample captured this time is a JavaScript file, it does not rule out the possibility that ransomware will be converted into VBS, VBA or HTA scripts in subsequent attacks.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

When the BinaryFormatter in the JS\/VBS\/VBA script is used for deserialization, .NET assembly loading\/execution can be triggered. Taking this advantage, attackers can execute its built-in. NET code in the above JavaScript code.<\/p>\n\n\n\n

The .NET program contains little code. Its primary function is to decrypt the shellcode and set the callback function address of EnumUILanguages as the shellcode entry, then call the EnumUILanguages function to execute the shell code.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

2. Shellcode<\/strong><\/p>\n\n\n\n

When Shellcode was executed, it called NtQuerySystemInformation first to obtain all processes running on the current system, used the NtOpenProcess function to obtain handles of the injection process, and then used the NtQueryInformationProcess function to identify whether the current process is 64-bit. If true, it called functions such as NtWriteVirtualMemory, NtProtectVirtualMemory, NtCreateThreadEx, and NtResumeThread for thread injection.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Process of injection function judgment<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Process of execution injection<\/p>\n\n\n\n

It is worth mentioning that Magniber selected uploading the call number and used Syscall to call the kernel function directly to bypass the anti-virus software’s monitoring of Windows APIs. However, the call number required to call the same function in different Windows kernel versions is not necessarily the same. To support Windows hosts with different kernel versions, Magniber needs to judge the call number. By reverse analysis of Magniber calling the NtCreateThreadEx function, the currently supported Windows versions are found as follows:<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

3. Injection Code<\/strong><\/p>\n\n\n\n

When executing the thread, the injected code is the ransomware virus itself actually. The samples captured this time are entirely consistent with the core functions captured earlier. The encryption process is as follows:<\/p>\n\n\n\n

(1) Obtain the list of folders and files on the current host;<\/p>\n\n\n\n

(2) Check the folder to be encrypted. If it is in the white list, do not encrypt it;<\/p>\n\n\n\n

(3) Judge whether the file extension of the current file is the extension of the file to be encrypted, and if it is, encrypt it;<\/p>\n\n\n\n

(4) Randomly generate the Key and IV required for AES encryption;<\/p>\n\n\n\n

(5) Use AES CBC mode to encrypt the current file;<\/p>\n\n\n\n

(6) Use the built-in RSA public key to encrypt the AES Key and IV and append the encryption result to the end of the file;<\/p>\n\n\n\n

(7) Add the extension. rfguxgmap to the encrypted file;<\/p>\n\n\n\n

(8) Create a README.html blackmail message in the folder of the encrypted file;<\/p>\n\n\n\n

(9) Use the Edge browser to open the blackmail page to remind users that their files have been encrypted.<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Extension of the encrypted file<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Blackmail massage<\/p>\n\n\n\n

In the samples captured in May, the Magniber ransomware can delete the shadow copy and disable the Windows recovery function by thread injection. The new variant cut the thread injection process but deleted the shadow copy and disabled the Windows recovery function directly after the blackmail execution was completed.<\/p>\n\n\n\n

Similar to the sample captured in May, The Magniber ransomware chose to use UAC Bypass to trigger the operation of cleaning up Windows backups. The specific steps of UAC Bypass used in the sample are as follows:<\/p>\n\n\n\n

1. Locate Registry Key<\/p>\n\n\n\n

“HKCU\\SOFTWARE\\Classes\\AppX04g0mbrz4mkc6e879rpf6qk6te730jfv\\Shell\\open\\commandâ€<\/p>\n\n\n\n

2. Set the default Key value to:<\/p>\n\n\n\n

“wscript.exe \/B \/E:VBScript.Encode ..\/..\/Users\/Public\/chvzelmd.rdbâ€<\/p>\n\n\n\n

3. Write encoded VBScript code that includes deleting shadow copies and system backups and disabling Windows recovery to the Public directory<\/p>\n\n\n\n

4. Create fodhelper.exe processes to trigger the UAC Bypass operation and execute the commands written in the registry<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Steps of UAC Bypass<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"Red<\/a><\/figure>\n<\/div>\n\n\n

Decrypted VBScript<\/p>\n\n\n\n

Protection Recommentations<\/strong><\/h2>\n\n\n\n
  • Do not download or run any patch files from unofficial websites;<\/li>
  • Install anti-virus software with self-protection to prevent attackers from exiting or ending the process, and update the virus database on time;<\/li>
  • In addition to the Magniber ransomware with the extensions of .exe, .msi and .js, stay alert of its variants with the extensions of .vbs and .hta;<\/li>
  • Strengthen the security awareness of employees, and do not open any strange emails and suspicious links;<\/li>
  • Modify the default user name of the system administrator and do not use user names such as admin, administrator, and test that attackers easily crack.<\/li>
  • Strengthen host account and password management and level up the complexity and modification frequency;<\/li>
  • Configure account locking policy through Windows group policy to lock accounts that fail to log in after several continuous attempts during a short time;<\/li>
  • Enable the Windows system firewall, and strengthen RDP and SMB service access through ACL and other methods;<\/li>
  • Timely update the security patches for critical vulnerabilities of the operating system and other commonly used software;<\/li>
  • Back up critical business data regularly to prevent data damage or loss.<\/li><\/ul>\n\n\n\n

    Appendix<\/h2>\n\n\n\n

    1. Encryption-related information<\/strong><\/p>\n\n\n\n

    White list:<\/p>\n\n\n\n

    \n

    “documents and settings”<\/p>\n\n\n\n

    “appdata”<\/p>\n\n\n\n

    “local settings”<\/p>\n\n\n\n

    “sample music”<\/p>\n\n\n\n

    “sample pictures”<\/p>\n\n\n\n

    “sample videos”<\/p>\n\n\n\n

    “tor browser”<\/p>\n\n\n\n

    “recycle”<\/p>\n\n\n\n

    “windows”<\/p>\n\n\n\n

    “boot”<\/p>\n\n\n\n

    “intel”<\/p>\n\n\n\n

    “msocache”<\/p>\n\n\n\n

    “perflogs”<\/p>\n\n\n\n

    “program files”<\/p>\n\n\n\n

    “programdata”<\/p>\n\n\n\n

    “recovery” “system volume information”<\/p>\n<\/div><\/div>\n\n\n\n

    Extensions of encrypted files:<\/p>\n\n\n\n

    \n

    1-bit extensions for small-size files: [‘c’, ‘h’, ‘j’, ‘p’, ‘x’]<\/p>\n\n\n\n

    2-bit extensions for samll-size files: [‘ai’, ‘ca’, ‘cd’, ‘cf’, ‘cs’, ‘ct’, ‘db’, ‘dd’, ‘dt’, ‘dv’, ‘dx’, ‘em’, ‘ep’, ‘eq’, ‘fa’, ‘fb’, ‘fi’, ‘fo’, ‘gv’, ‘hp’, ‘hs’, ‘hz’, ‘ib’, ‘ii’, ‘js’, ‘jw’, ‘ma’, ‘mb’, ‘me’, ‘mm’, ‘mx’, ‘my’, ‘of’, ‘pa’, ‘pm’, ‘pu’, ‘px’, ‘qd’, ‘rb’, ‘rd’, ‘rs’, ‘rt’, ‘rw’, ‘sh’, ‘sq’, ‘st’, ‘te’, ‘tm’, ‘vb’, ‘vm’, ‘vw’, ‘wn’, ‘wp’, ‘xd’, ‘ya’, ‘ym’, ‘zw’]
    2-bit extension for large-size files: [‘gz’]
    3-bit extensions for small-size files:[‘abm’, ‘abs’, ‘abw’, ‘act’, ‘adn’, ‘adp’, ‘aes’, ‘aft’, ‘afx’, ‘agp’, ‘ahd’, ‘aic’, ‘aim’, ‘alf’, ‘ans’, ‘apd’, ‘apm’, ‘aps’, ‘apt’, ‘apx’, ‘art’, ‘arw’, ‘asc’, ‘ase’, ‘ask’, ‘asm’, ‘asp’, ‘asw’, ‘asy’, ‘aty’, ‘awp’, ‘awt’, ‘aww’, ‘azz’, ‘bad’, ‘bay’, ‘bbs’, ‘bdb’, ‘bdp’, ‘bdr’, ‘bib’, ‘bmx’, ‘bna’, ‘bnd’, ‘boc’, ‘bok’, ‘brd’, ‘brk’, ‘brn’, ‘brt’, ‘bss’, ‘btd’, ‘bti’, ‘btr’, ‘can’, ‘cdb’, ‘cdc’, ‘cdg’, ‘cdr’, ‘cdt’, ‘cfu’, ‘cgm’, ‘cin’, ‘cit’, ‘ckp’, ‘cma’, ‘cmx’, ‘cnm’, ‘cnv’, ‘cpc’, ‘cpd’, ‘cpg’, ‘cpp’, ‘cps’, ‘cpx’, ‘crd’, ‘crt’, ‘crw’, ‘csr’, ‘csv’, ‘csy’, ‘cvg’, ‘cvi’, ‘cvs’, ‘cvx’, ‘cwt’, ‘cxf’, ‘cyi’, ‘dad’, ‘daf’, ‘dbc’, ‘dbf’, ‘dbk’, ‘dbs’, ‘dbt’, ‘dbv’, ‘dbx’, ‘dca’, ‘dcb’, ‘dch’, ‘dcr’, ‘dcs’, ‘dct’, ‘dcx’, ‘dds’, ‘ded’, ‘der’, ‘dgn’, ‘dgs’, ‘dgt’, ‘dhs’, ‘dib’, ‘dif’, ‘dip’, ‘diz’, ‘djv’, ‘dmi’, ‘dmo’, ‘dnc’, ‘dne’, ‘doc’, ‘dot’, ‘dpp’, ‘dpx’, ‘dqy’, ‘drw’, ‘drz’, ‘dsk’, ‘dsn’, ‘dsv’, ‘dta’, ‘dtw’, ‘dvi’, ‘dwg’, ‘dxb’, ‘dxf’, ‘eco’, ‘ecw’, ‘ecx’, ‘edb’, ‘efd’, ‘egc’, ‘eio’, ‘eip’, ‘eit’, ‘emd’, ‘emf’, ‘epf’, ‘epp’, ‘eps’, ‘erf’, ‘err’, ‘etf’, ‘etx’, ‘euc’, ‘exr’, ‘faq’, ‘fax’, ‘fbx’, ‘fcd’, ‘fcf’, ‘fdf’, ‘fdr’, ‘fds’, ‘fdt’, ‘fdx’, ‘fes’, ‘fft’, ‘fic’, ‘fid’, ‘fif’, ‘fig’, ‘flr’, ‘fmv’, ‘fpt’, ‘fpx’, ‘frm’, ‘frt’, ‘frx’, ‘ftn’, ‘fxc’, ‘fxg’, ‘fzb’, ‘fzv’, ‘gdb’, ‘gem’, ‘geo’, ‘gfb’, ‘ggr’, ‘gih’, ‘gim’, ‘gio’, ‘gpd’, ‘gpg’, ‘gpn’, ‘gro’, ‘grs’, ‘gsd’, ‘gtp’, ‘gwi’, ‘hbk’, ‘hdb’, ‘hdp’, ‘hdr’, ‘hht’, ‘his’, ‘hpg’, ‘hpi’, ‘htc’, ‘hwp’, ‘ibd’, ‘imd’, ‘ink’, ‘ipf’, ‘ipx’, ‘itw’, ‘iwi’, ‘jar’, ‘jas’, ‘jbr’, ‘jia’, ‘jis’, ‘jng’, ‘joe’, ‘jpe’, ‘jps’, ‘jpx’, ‘jsp’, ‘jtf’, ‘jtx’, ‘jxr’, ‘kdb’, ‘kdc’, ‘kdi’, ‘kdk’, ‘kes’, ‘key’, ‘kic’, ‘klg’, ‘knt’, ‘kon’, ‘kpg’, ‘kwd’, ‘lay’, ‘lbm’, ‘lbt’, ‘ldf’, ‘lgc’, ‘lis’, ‘lit’, ‘ljp’, ‘lmk’, ‘lnt’, ‘lrc’, ‘lst’, ‘ltr’, ‘ltx’, ‘lue’, ‘luf’, ‘lwo’, ‘lwp’, ‘lws’, ‘lyt’, ‘lyx’, ‘mac’, ‘man’, ‘map’, ‘maq’, ‘mat’, ‘max’, ‘mbm’, ‘mdb’, ‘mdf’, ‘mdn’, ‘mdt’, ‘mef’, ‘mel’, ‘mft’, ‘min’, ‘mnr’, ‘mnt’, ‘mos’, ‘mpf’, ‘mpo’, ‘mrg’, ‘msg’, ‘mud’, ‘mwb’, ‘mwp’, ‘myd’, ‘myi’, ‘ncr’, ‘nct’, ‘ndf’, ‘nef’, ‘nfo’, ‘njx’, ‘nlm’, ‘now’, ‘nrw’, ‘nsf’, ‘nyf’, ‘nzb’, ‘obj’, ‘oce’, ‘oci’, ‘odb’, ‘odg’, ‘odm’, ‘odo’, ‘odp’, ‘ods’, ‘odt’, ‘oft’, ‘omf’, ‘oqy’, ‘ora’, ‘orf’, ‘ort’, ‘orx’, ‘ost’, ‘ota’, ‘otg’, ‘oti’, ‘otp’, ‘ots’, ‘ott’, ‘ovp’, ‘ovr’, ‘owc’, ‘owg’, ‘oyx’, ‘ozb’, ‘ozj’, ‘ozt’, ‘pan’, ‘pap’, ‘pas’, ‘pbm’, ‘pcd’, ‘pcs’, ‘pdb’, ‘pdd’, ‘pdf’, ‘pdm’, ‘pds’, ‘pdt’, ‘pef’, ‘pem’, ‘pff’, ‘pfi’, ‘pfs’, ‘pfv’, ‘pfx’, ‘pgf’, ‘pgm’, ‘phm’, ‘php’, ‘pic’, ‘pix’, ‘pjt’, ‘plt’, ‘pmg’, ‘pni’, ‘pnm’, ‘pnz’, ‘pop’, ‘pot’, ‘ppm’, ‘pps’, ‘ppt’, ‘prt’, ‘prw’, ‘psd’, ‘pse’, ‘psp’, ‘pst’, ‘psw’, ‘ptg’, ‘pth’, ‘ptx’, ‘pvj’, ‘pvm’, ‘pvr’, ‘pwa’, ‘pwi’, ‘pwr’, ‘pxr’, ‘pza’, ‘pzp’, ‘pzs’, ‘qmg’, ‘qpx’, ‘qry’, ‘qvd’, ‘rad’, ‘ras’, ‘raw’, ‘rcu’, ‘rdb’, ‘rft’, ‘rgb’, ‘rgf’, ‘rib’, ‘ric’, ‘ris’, ‘rix’, ‘rle’, ‘rli’, ‘rng’, ‘rpd’, ‘rpf’, ‘rpt’, ‘rri’, ‘rsb’, ‘rsd’, ‘rsr’, ‘rst’, ‘rtd’, ‘rtf’, ‘rtx’, ‘run’, ‘rzk’, ‘rzn’, ‘saf’, ‘sam’, ‘sbf’, ‘scc’, ‘sch’, ‘sci’, ‘scm’, ‘sct’, ‘scv’, ‘scw’, ‘sdb’, ‘sdf’, ‘sdm’, ‘sdw’, ‘sep’, ‘sfc’, ‘sfw’, ‘sgm’, ‘sig’, ‘skm’, ‘sla’, ‘sld’, ‘slk’, ‘sln’, ‘sls’, ‘smf’, ‘sms’, ‘snt’, ‘sob’, ‘spa’, ‘spe’, ‘sph’, ‘spj’, ‘spp’, ‘spq’, ‘spr’, ‘sqb’, ‘srw’, ‘ssa’, ‘ssk’, ‘stc’, ‘std’, ‘sti’, ‘stm’, ‘stn’, ‘stp’, ‘str’, ‘stw’, ‘sty’, ‘sub’, ‘suo’, ‘svf’, ‘svg’, ‘sxc’, ‘sxd’, ‘sxg’, ‘sxi’, ‘sxm’, ‘sxw’, ‘tab’, ‘tcx’, ‘tdf’, ‘tdt’, ‘tex’, ‘thp’, ‘tlb’, ‘tlc’, ‘tmd’, ‘tmv’, ‘tmx’, ‘tne’, ‘tpc’, ‘trm’, ‘tvj’, ‘udb’, ‘ufr’, ‘unx’, ‘uof’, ‘uop’, ‘uot’, ‘upd’, ‘usr’, ‘vbr’, ‘vbs’, ‘vct’, ‘vdb’, ‘vdi’, ‘vec’, ‘vmx’, ‘vnt’, ‘vpd’, ‘vrm’, ‘vrp’, ‘vsd’, ‘vsm’, ‘vue’, ‘wbk’, ‘wcf’, ‘wdb’, ‘wgz’, ‘wks’, ‘wpa’, ‘wpd’, ‘wpg’, ‘wps’, ‘wpt’, ‘wpw’, ‘wri’, ‘wsc’, ‘wsd’, ‘wsh’, ‘wtx’, ‘xar’, ‘xdb’, ‘xlc’, ‘xld’, ‘xlf’, ‘xlm’, ‘xls’, ‘xlt’, ‘xlw’, ‘xps’, ‘xwp’, ‘xyp’, ‘xyw’, ‘ybk’, ‘zdb’, ‘zdc’]
    3-bit extensions for large-size files: [‘arc’, ‘asf’, ‘avi’, ‘bak’, ‘bmp’, ‘fla’, ‘flv’, ‘gif’, ‘iso’, ‘jpg’, ‘mid’, ‘mkv’, ‘mov’, ‘mpg’, ‘paq’, ‘png’, ‘rar’, ‘swf’, ‘tar’, ‘tbk’, ‘tgz’, ‘tif’, ‘vcd’, ‘vob’, ‘wav’, ‘wma’, ‘wmv’, ‘zip’]
    4-bit extensions for small-size files [‘agif’, ‘albm’, ‘apng’, ‘awdb’, ‘bean’, ‘cals’, ‘cdmm’, ‘cdmt’, ‘cdmz’, ‘cimg’, ‘clkw’, ‘colz’, ‘djvu’, ‘docb’, ‘docm’, ‘docx’, ‘docz’, ‘dotm’, ‘dotx’, ‘dtsx’, ‘emlx’, ‘epsf’, ‘fdxt’, ‘fodt’, ‘fpos’, ‘fwdn’, ‘gcdp’, ‘gdoc’, ‘gfie’, ‘glox’, ‘grob’, ‘gthr’, ‘icon’, ‘icpr’, ‘idea’, ‘info’, ‘itdb’, ‘java’, ‘jbig’, ‘jbmp’, ‘jfif’, ‘jrtf’, ‘kdbx’, ‘mbox’, ‘mgcb’, ‘mgmf’, ‘mgmt’, ‘mgmx’, ‘mgtx’, ‘mmat’, ‘mrxs’, ‘oplc’, ‘pano’, ‘pict’, ‘pjpg’, ‘pntg’, ‘pobj’, ‘potm’, ‘potx’, ‘ppam’, ‘ppsm’, ‘ppsx’, ‘pptm’, ‘pptx’, ‘psdx’, ‘psid’, ‘rctd’, ‘riff’, ‘scad’, ‘sdoc’, ‘sldm’, ‘sldx’, ‘svgz’, ‘text’, ‘utxt’, ‘vsdm’, ‘vsdx’, ‘vstm’, ‘vstx’, ‘wire’, ‘wmdb’, ‘xlgc’, ‘xlsb’, ‘xlsm’, ‘xlsx’, ‘xltm’, ‘xltx’, ‘zabw’]
    4-bit extensions for large-size files: [‘jpeg’, ‘mpeg’, ‘tiff’, ‘vmdk’]
    5-bit extensions for small-size files: [‘accdb’, ‘class’]<\/p>\n<\/div><\/div>\n\n\n\n

    2. Summary of signatures and behaviors in captured samples<\/strong><\/p>\n\n\n\n

    1. Key APIs of process injection
      NtAllocateVirtualMemoryã€NtWriteVirtualMemoryã€NtProtectVirtualMemoryã€NtCreateThreadExã€NtResumeThread<\/li>
    2. Key APIs of encryption
      CryptAcquireContextWã€CryptGenRandomã€CryptImportKeyã€CryptSetKeyParamã€CryptEncryptã€NtCreateFileã€NtQueryInformationFileã€NtReadFileã€NtWriteFile<\/li>
    3. Modify the default registry
      “HKCU\\SOFTWARE\\Classes\\AppX04g0mbrz4mkc6e879rpf6qk6te730jfv\\Shell\\open\\commandâ€to“wscript.exe \/B \/ E:VBScript.Encode ..\/..\/Users\/Public\/%RandomString%.rdbâ€<\/li>
    4. Use cmd.exe to create fodheler.exe process<\/li><\/ol>\n\n\n\n

      3. IOCs<\/strong><\/p>\n\n\n\n

      HASH list of published sample files:<\/p>\n\n\n\n

      \n

      934cfeb5ee3d2ba49831d76dffb1a2658326e1cd90b50779d6670eb2fbdc7ed1<\/p>\n\n\n\n

      6155453a58b0ba360fd18a32d838c4452fec374c364824b50447500c8fd12e80<\/p>\n\n\n\n

      5b2a5ac50977f41ac27590395bb89c1afd553e58f2979b680d545bff1530a17b<\/p>\n\n\n\n

      79590d91e9131918df458221e8fcb9c5e33d0200f05f9704dcf88167a5515b3f<\/p>\n\n\n\n

      7064eab88837bc68b8c5076300170cd73dbea046c9594b588779082396dbfe4c<\/p>\n\n\n\n

      a292ff42e0e1b58b13c867d2c94da2a5d34caa2e9c30b63610f7e12be5e7d3d9<\/p>\n\n\n\n

      dfa32d8ed7c429b020c0581148a55bc752c35834d7a2b1bae886f2b436285c94<\/p>\n\n\n\n

      c1d1402226179c66570d66290dff2238b6a9f918c81267a61d58f4807f0d911c<\/p>\n\n\n\n

      56fb0d5e2e216f2b4d9846517d9ed23b69fba4f19f2bad71cdce47d9081642eb<\/p>\n\n\n\n

      92ec900b0aa0f8a335cf63d4f313729da2831ffc7d15985adf2d98f2c85c3783<\/p>\n\n\n\n

      c7729a7817a3d63f71d6c9066bd87192d07992ae57fc3d3e6d0e67c5ab9fb213<\/p>\n\n\n\n

      9d665f87440c22e3ae209308e3712a83a67932643be019e18b1ae00dc4ab8cbd<\/p>\n\n\n\n

      b12461bdd88bb2a7f56d11324272ae2a766d560371b2725be6f9d3175fb32f8c<\/p>\n\n\n\n

      abeec5267f6eb9fc9f01f4688a53e83c87898845767b8cd8599c75dbce1766a8<\/p>\n\n\n\n

      aeee31c3649724686cb9ad17fe1ee2b70b1ad1b6cd77cb8b1997aa6e75d49cc5<\/p>\n\n\n\n

      1eba630a870ce1aa840219d77e280cfd05d3d5e5cdea6f382c1c2b8b14ddf04d<\/p>\n\n\n\n

      54a5b06060639a483a8f6c80c8f095fb41e3eb5e7c02c3ad4ba29ee3a9ed7aab<\/p>\n\n\n\n

      76c012f134e81138fb37ac3638488f309662efcc9bb4011ff8e54869f26bb119<\/p>\n\n\n\n

      56d301fe7a6b1a9e21898162b0dada9ff12878c539591052919fabcc36d28541<\/p>\n\n\n\n

      4936cf896d0e76d6336d07cc14fbe8a99fbe10ad3e682dbc12fdfe7070fd1b24<\/p>\n\n\n\n

      6a68217b951f9655e4a7ed13fcfc4696ac5d231450fe7d2be8b6a1d71425752c<\/p>\n\n\n\n

      05cf26eaea577417804075a2458ac63f58a56b7612653d3a4c2ce8fa752bd418<\/p>\n\n\n\n

      266f930572d3006c36ba7e97b4ffed107827decd7738a58c218e1ae5450fbe95<\/p>\n\n\n\n

      9095bbb4b123a353a856634166f193124bdc4591cb3a38922b2283acc1d966d6<\/p>\n\n\n\n

      98d96f56deaec6f0324126fcdd79fd8854d52ac2996d223d0cb0ab4cff13ff7c<\/p>\n\n\n\n

      0c5956b7f252408db7e7b0195bb5419ad3b8daa45ec1944c44e3ec1cca51920f<\/p>\n\n\n\n

      c4f9dbff435d873b4e8ecbab8c1b7d2dbdb969ac75af4b1d325e06eb4e51b3ad<\/p>\n\n\n\n

      5472bce876d0758fb1379260504b791a3b8c95b87fc365f5ce8c3a6424facd34<\/p>\n\n\n\n

      d0375fc9cbb564fb18e0afea926c7faf50464b9afb329913dd5486c7cbb36e2e<\/p>\n\n\n\n

      ad89fb8819f98e38cddf6135004e1d93e8c8e4cba681ba16d408c4d69317eb47<\/p>\n\n\n\n

      99f0e7f06831c6283f5f4dc261a7bcbe4109b4a6717b534c816ca65cd2f05dc4<\/p>\n\n\n\n

      b81f76bd5c6e66b9b3a4f2828e58d557091475bed656c9a8d13c8c0e4b7f3936<\/p>\n\n\n\n

      c6f1da2490fe78b1f281a98c32d6fa88d675598e658d4e660274047e36f1b189<\/p>\n\n\n\n

      dd30688a0e5ac08fc547f44b60f13ef664654c9a8977f7a5f8f619b08c09620b<\/p>\n\n\n\n

      c0bf9153ce1641791b357fdb5c2c596fbbf15991a86f510cc444bdb477574d44<\/p>\n\n\n\n

      bf50794c33eebc9dc2ce3902fe29f683a37da50de3654a2775baa74d0bbd1188<\/p>\n\n\n\n

      b8e76ad7c7857d9985b15dcd064664d198db7201cb9eb6a0e53d81b6002f7d29<\/p>\n\n\n\n

      cc1ce8c687450b082dd19a6c5d868f5798e52422172f91ee4b70cb5ffd9f6fcd<\/p>\n\n\n\n

      a587172f1bbe665cdfc0cbcec54e72d8b9048c77f344ba5076a17fbf620597de<\/p>\n\n\n\n

      c4560eee4b02dc0ef087e48848cc83b270068d167f613f04d43a64025e72c09f<\/p>\n\n\n\n

      82fcea3c48509a1724c0a6ded9e3d3cab775a86588119c35b79355105bd828c4<\/p>\n\n\n\n

      e993e4ddd05007e62e6e2d00e70927933446ff4bcae2b559bb6be3bc5e4ad2d8<\/p>\n\n\n\n

      5b513dfd8f94f9b6e962eb691caa56d52ab4453369108ae3b572e2ee7f9b555d<\/p>\n\n\n\n

      d2d3fbfa73dfeb73a6f5c59fefab8dd99dcff58cefeb0d3b3b1c1a8854178933<\/p>\n\n\n\n

      d80d90ef631bb60b773bf1211f3c53c1cac043674c85eb65dbc457656ba5d4cc<\/p>\n\n\n\n

      757cd5b65155cd115b71021685fcc52a42ee80aca247ea68f41aa0d82dc20fc0<\/p>\n\n\n\n

      bba85d79db69db1b638e24e0a426ccccdc5c95875b8c3a26aa959cce3f6c8575<\/p>\n\n\n\n

      beb5e1c5ba835f29e272b2942b27b63f6f15647f3da51754fcf53c277e0eccf7<\/p>\n\n\n\n

      f41ec94f9d0c7480df2196b3fc5493599d50de222d2c903b173db3e7caff8747<\/p>\n\n\n\n

      397aa7bcc4a574dc30f0a491e03be15da55fa898624c7b15d0197e72802d048d<\/p>\n\n\n\n

      6b18a287aa2c170605409a4675fd600d0597623d174445aaea5a2279bee0c145<\/p>\n\n\n\n

      46d8d6230083254fa324299fc609125ee404e4bbdd3936ddc0235ae21479b655<\/p>\n\n\n\n

      e8663c5c28d8591f06eb7995e0f22b7ae7909f9431786f8557f2c081e0e79fad<\/p>\n\n\n\n

      d3f626d3e533f3b4aa0599c231210d53f709c46f0cfc3d28f0303df544a39b1b<\/p>\n\n\n\n

      814061567356daf6306eb673cfb97cab264c798320bf1b432d396b66393adf83<\/p>\n\n\n\n

      2c93879d024238d23270fab734a5ba530bfba2d35b44d265c8be3c93ff8cf463<\/p>\n\n\n\n

      3055baf30466f1c0f4cd5b78d05fe32ef7fd406dead3ecfcbdef464fdee551b8<\/p>\n\n\n\n

      568e1e3d55a6146f0f899159c3a5183362b8b13304109b49f7394a9fe8c69ea7<\/p>\n\n\n\n

      932d2330dc3c1366a8e956183858246c4052027cae1590d2211186be648fdcf4<\/p>\n\n\n\n

      dfabd6462ab2ecb9fb0cea7caa257841a751c1e91118168ef5a082cf8a25210f<\/p>\n\n\n\n

      fbd69303e6255aae830daba957c8ef62eb6d23340274eb8058826a08e82773db 123d7744a407af376b4ee4402ff8bee588b40540bcfba22fb64768d1de8c1861<\/p>\n<\/div><\/div>\n\n\n\n

      Published domain names:<\/p>\n\n\n\n

      \n

      totwo[.]pw<\/p>\n\n\n\n

      ittakes[.]fun<\/p>\n\n\n\n

      catat[.]site<\/p>\n\n\n\n

      tinpick[.]online<\/p>\n\n\n\n

      pirlay[.]fun<\/p>\n\n\n\n

      buyaims[.]online<\/p>\n\n\n\n

      orhung[.]space actred[.]site<\/p>\n<\/div><\/div>\n\n\n\n

      Reference<\/strong><\/p>\n\n\n\n

      • https:\/\/threatresearch.ext.hp.com\/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates\/<\/li>
      • https:\/\/github.com\/med0x2e\/GadgetToJScript<\/li>
      • https:\/\/winscripting.blog\/2017\/05\/12\/first-entry-welcome-and-uac-bypass\/<\/li><\/ul>\n\n\n\n

        Statement<\/strong><\/p>\n\n\n\n

        This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n

        <\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"

        Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily used to blackmail individuals with a relatively low ransom around USD 2,500. The Magniber ransomware can neither be transmitted automatically nor used to upload user files, but encrypt files only. Here listed […]<\/p>\n","protected":false},"author":1,"featured_media":21856,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[504],"class_list":["post-21822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-magniber-ransomware"],"acf":[],"yoast_head":"\nStay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-26T08:57:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware\",\"datePublished\":\"2022-10-26T08:57:37+00:00\",\"dateModified\":\"2026-04-17T18:07:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/\"},\"wordCount\":3102,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/stock-image-412698348-XL-scaled-e1666774445940.jpg\",\"keywords\":[\"Magniber ransomware;\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/\",\"name\":\"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/stock-image-412698348-XL-scaled-e1666774445940.jpg\",\"datePublished\":\"2022-10-26T08:57:37+00:00\",\"dateModified\":\"2026-04-17T18:07:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/stock-image-412698348-XL-scaled-e1666774445940.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/stock-image-412698348-XL-scaled-e1666774445940.jpg\",\"width\":300,\"height\":212,\"caption\":\"Laptop screen displaying ransomware alert message.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS","og_description":"Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily","og_url":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/","og_site_name":"NSFOCUS","article_published_time":"2022-10-26T08:57:37+00:00","article_modified_time":"2026-04-17T18:07:43+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS","twitter_description":"Overview The Magniber is a notorious ransomware. Unlike the common ransomware families such as Hive and LockBit that target companies, it is primarily","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"12 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware","datePublished":"2022-10-26T08:57:37+00:00","dateModified":"2026-04-17T18:07:43+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/"},"wordCount":3102,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","keywords":["Magniber ransomware;"],"articleSection":["Blog"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/","url":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/","name":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","datePublished":"2022-10-26T08:57:37+00:00","dateModified":"2026-04-17T18:07:43+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/10\/stock-image-412698348-XL-scaled-e1666774445940.jpg","width":300,"height":212,"caption":"Laptop screen displaying ransomware alert message."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/stay-alert-to-traps-in-updates-a-new-variant-of-magniber-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Stay Alert to Traps in Updates: A New Variant of Magniber Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/21822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=21822"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/21822\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/21856"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=21822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=21822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=21822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}