Introduction
Globe is a ransomware family that first appeared in August 2016, notable for its highly customizable codebase that allows operators to configure ransom note text, encryption algorithms, and file extensions. Globe uses symmetric encryption (RC4 or AES) to lock files and typically appends custom extensions such as .GLOBE, .PURPLE, .HNY, or others set by the attacker. The malware is distributed through malicious spam emails with infected attachments, compromised websites, and exploit kits. Globe’s flexibility made it attractive to low-skilled actors, resulting in many different variants in the wild. The family has primarily targeted small to medium-sized businesses and individual users across multiple regions, with no clear geographic focus.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Small-Net:
- Xploit:
- GraphicBooting:
- Killer RAT:
- CrossRat:
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.