Key Group: another ransomware group using leaked builders

Oct. 1, 2024, 8:53 p.m.

Description

Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tactics evolving over time. They deliver malware through multi-stage loaders, often using GitHub repositories for distribution. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for spam raids on Telegram channels.

Date

Published: Oct. 1, 2024, 7:48 p.m.
Created: Oct. 1, 2024, 7:48 p.m.
Modified: Oct. 1, 2024, 8:53 p.m.

Attack Patterns

Hakuna Matata

Judge/NoCry

UX-Cryptor

RuRansom

Slam

Annabelle

Xorist

Chaos - S0220

LV

Bladabindi

Njw0rm

njRAT - S0385

Key Group

T1561.002

T1562.004

T1568

T1102.002

T1490

T1564.001

T1059.001

T1547.001

T1562.001

T1204.002

T1573

T1489

T1486

T1105

T1566.001

T1036

T1027

T1112

Additional Information

Russian Federation