Key Group uses leaked builders of ransomware and wipers

Oct. 2, 2024, 10:52 a.m.

Description

Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group has been active since 2022, using various leaked ransomware builders and wipers, including Xorist, Chaos, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. They distribute their malware through phishing emails and GitHub repositories, often using multi-stage loaders. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for conducting spam raids on Telegram channels. Key Group's use of publicly available ransomware builders highlights a growing trend among cybercriminal groups.

Date

Published: Oct. 2, 2024, 8:51 a.m.
Created: Oct. 2, 2024, 8:51 a.m.
Modified: Oct. 2, 2024, 10:52 a.m.

Indicators

Attack Patterns

Malware and tools:
Hakuna Matata
Judge/NoCry
UX-Cryptor
RuRansom
Slam
Annabelle
Xorist
Chaos - S0220
LV
Bladabindi
Njw0rm
njRAT - S0385

Intrusion set:
Key Group

Techniques (MITRE ATT&CK):
T1562.004 - Impair Defenses: Disable or Modify System Firewall
T1102.001 - Web Service: Dead Drop Resolver
T1543.003 - Create or Modify System Process: Windows Service
T1490 - Inhibit System Recovery
T1037 - Boot or Logon Initialization Scripts
T1027.002 - Obfuscated Files or Information: Software Packing
T1059.001 - Command and Scripting Interpreter: PowerShell
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1070.004 - Indicator Removal: File Deletion
T1562.001 - Impair Defenses: Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1204 - User Execution
T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1053 - Scheduled Task/Job
T1112 - Modify Registry
T1566 - Phishing

Additional Information

Russian Federation