BianLian Ransomware Group: 2024 Activity Analysis
July 12, 2024, 4:19 p.m.
Description
This intelligence report examines the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption to a steal-and-extort model after a decryptor was released. The analysis covers BianLian's 2024 victimology, infrastructure, backdoor tool, and command and control (C2) communications, and provides insight into the group's targeting strategies, infrastructure choices, and malware development approaches.
Date
Published: July 12, 2024, 4:01 p.m.
Created: July 12, 2024, 4:01 p.m.
Modified: July 12, 2024, 4:19 p.m.
Indicators
Attack Patterns
BianLian
T1027.003
T1045
T1076
T1528
T1573.002
T1059.005
T1555.003
T1027.002
T1136
T1059.001
T1059.007
T1505
T1082
T1083
T1071
T1543
T1027
T1190
T1078
T1059
Additional Information
Engineering
Legal Services
Accounting
Healthcare
Transportation
Logistics
Finance
Manufacturing