Key Group: another ransomware group using leaked builders
Oct. 1, 2024, 8:53 p.m.
Description
Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tactics evolving over time. They deliver malware through multi-stage loaders, often using GitHub repositories for distribution. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for spam raids on Telegram channels.
Date
Published: Oct. 1, 2024, 7:48 p.m.
Created: Oct. 1, 2024, 7:48 p.m.
Modified: Oct. 1, 2024, 8:53 p.m.
Attack Patterns
Hakuna Matata
Judge/NoCry
UX-Cryptor
RuRansom
Slam
Annabelle
Xorist
Chaos - S0220
LV
Bladabindi
Njw0rm
njRAT - S0385
Key Group
T1561.002
T1562.004
T1568
T1102.002
T1490
T1564.001
T1059.001
T1547.001
T1562.001
T1204.002
T1573
T1489
T1486
T1105
T1566.001
T1036
T1027
T1112
Additional Information
Russian Federation