BianLian Ransomware Group: 2024 Activity Analysis

July 12, 2024, 4:19 p.m.

Description

The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption tactics to a steal-and-extort model after a decryptor was released. The analysis covers BianLian's 2024 victimology, infrastructure, backdoor tool, and command and control (C2) communications, providing insights into their targeting strategies, infrastructure choices, and malware development approaches.

Date

  • Created: July 12, 2024, 4:01 p.m.
  • Published: July 12, 2024, 4:01 p.m.
  • Modified: July 12, 2024, 4:19 p.m.

Indicators

Attack Patterns

Additional Information

  • Engineering
  • Legal Services
  • Accounting
  • Healthcare
  • Transportation
  • Logistics
  • Finance
  • Manufacturing