SYMBOLCOMMON_NAMEaka. SYNONYMS
ps1.ftcode (Back to overview)

FTCODE

The malware ftcode is a ransomware which encrypts files and changes their extension into .FTCODE. It later asks for a ransom in order to release the decryption key, mandatory to recover your files. It is infamous for attacking Italy pretending to be a notorious telecom provider asking for due payments.

References
2020-06-22Github (StrangerealIntel)Twitter (@Arkbird_SOLG)
@online{arkbirdsolg:20200622:ftcode:1f79b62, author = {Twitter (@Arkbird_SOLG)}, title = {{FTcode targets European countries}}, date = {2020-06-22}, organization = {Github (StrangerealIntel)}, url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Additional%20Analysis/Unknown/2020-06-22/Analysis.md}, language = {English}, urldate = {2020-06-24} } FTcode targets European countries
FTCODE
2020-01-21KPNKPN
@online{kpn:20200121:ftcode:358aca5, author = {KPN}, title = {{FTCODE: taking over (a portion of) the botnet}}, date = {2020-01-21}, organization = {KPN}, url = {https://www.kpn.com/security-blogs/FTCODE-taking-over-a-portion-of-the-botnet.htm}, language = {English}, urldate = {2020-01-22} } FTCODE: taking over (a portion of) the botnet
FTCODE
2020-01-16ZscalerRajdeepsinh Dodia, Amandeep Kumar, Atinderpal Singh
@online{dodia:20200116:ftcode:9e80307, author = {Rajdeepsinh Dodia and Amandeep Kumar and Atinderpal Singh}, title = {{FTCODE Ransomware - New Version Includes Stealing Capabilities}}, date = {2020-01-16}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/ftcode-ransomware--new-version-includes-stealing-capabilities}, language = {English}, urldate = {2020-01-27} } FTCODE Ransomware - New Version Includes Stealing Capabilities
FTCODE
2019-10-02Dissecting MalwareMarius Genheimer
@online{genheimer:20191002:nicht:20adbf8, author = {Marius Genheimer}, title = {{Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)}}, date = {2019-10-02}, organization = {Dissecting Malware}, url = {https://dissectingmalwa.re/nicht-so-goot-breaking-down-gootkit-and-jasper-ftcode.html}, language = {English}, urldate = {2020-03-27} } Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
FTCODE JasperLoader GootKit
2019-10-02CertegoMatteo Lodi, Marco Bompani
@online{lodi:20191002:malware:4f9442c, author = {Matteo Lodi and Marco Bompani}, title = {{Malware Tales: FTCODE}}, date = {2019-10-02}, organization = {Certego}, url = {https://www.certego.net/en/news/malware-tales-ftcode/}, language = {English}, urldate = {2020-01-07} } Malware Tales: FTCODE
FTCODE
2013-03-05Sophos Naked SecurityAnand Ajjan
@online{ajjan:20130305:russian:4bb6a48, author = {Anand Ajjan}, title = {{Russian ransomware takes advantage of Windows PowerShell}}, date = {2013-03-05}, organization = {Sophos Naked Security}, url = {https://nakedsecurity.sophos.com/2013/03/05/russian-ransomware-windows-powershell/}, language = {English}, urldate = {2020-01-27} } Russian ransomware takes advantage of Windows PowerShell
FTCODE

There is no Yara-Signature yet.