Threat Landscape Dashboard

Assessing today's threats and the relationships between them

IQY - Ransomware

A new variant of the Paradise ransomware was discovered using weaponized Microsoft Office IQY files attached to spear-phishing emails. The IQY (Internet Query) files used PowerShell to download and run a malicious executable, which checked the victim's language and exited if Russian, Kazakh, Belarusian, Ukrainian, or Tatar was found. The malware carries out multiple defense evasion techniques, including disabling Windows Defender, software packing, and obfuscation.
Name: IQY - Ransomware
Modified Date: 2020-03-19