BianLian Ransomware Group: 2024 Activity Analysis

July 12, 2024, 4:19 p.m.

Description

The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption tactics to a steal-and-extort model after a decryptor was released. The analysis covers BianLian's 2024 victimology, infrastructure, backdoor tool, and command and control (C2) communications, providing insights into their targeting strategies, infrastructure choices, and malware development approaches.

Date

Published: July 12, 2024, 4:01 p.m.

Created: July 12, 2024, 4:01 p.m.

Modified: July 12, 2024, 4:19 p.m.

Indicators


Attack Patterns

BianLian

T1027.003

T1045

T1076

T1528

T1573.002

T1059.005

T1555.003

T1027.002

T1136

T1059.001

T1059.007

T1505

T1082

T1083

T1071

T1543

T1027

T1190

T1078

T1059

Additional Information

Engineering

Legal Services

Accounting

Healthcare

Transportation

Logistics

Finance

Manufacturing