Rhysida Ransomware analysis - A painful sting to Insomniac Games — ShadowStackRE
Tags
Common Information
Type | Value |
---|---|
UUID | 4dfbd58a-47dd-41f4-ac10-0cbe688b16ef |
Fingerprint | 9c3cdd3034698619 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 13, 2024, midnight |
Added to db | Aug. 31, 2024, 10:57 a.m. |
Last updated | Dec. 11, 2024, 10:04 a.m. |
Headline | Rhysida Ransomware |
Title | Rhysida Ransomware analysis - A painful sting to Insomniac Games — ShadowStackRE |
Detected Hints/Tags/Attributes | 52/1/17 |
Source URLs
Details | Redirection | Url |
---|---|---|
Details | Source | https://www.shadowstackre.com/analysis/rhysida |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 434 | ✔ | ShadowStackRE | https://www.shadowstackre.com/analysis?format=rss | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 158 | | cisa.gov |
Details | Domain | 4283 | | github.com |
Details | Domain | 10 | | shadowstackre.com |
Details | Domain | 19 | | opensource.org |
Details | File | 2196 | | cmd.exe |
Details | File | 98 | | wevtutil.exe |
Details | File | 357 | | vssadmin.exe |
Details | File | 146 | | thumbs.db |
Details | File | 1044 | | rundll32.exe |
Details | File | 299 | | user32.dll |
Details | File | 19 | | criticalbreachdetected.pdf |
Details | Github username | 3 | | libtom |
Details | sha256 | 1 | | b55ecbddcbed916481ad537807cd3e33cb71814be6ce8e03eb63b629ccb8c692 |
Details | Url | 1 | | https://github.com/libtom/libtommath |
Details | Url | 10 | | https://opensource.org/license/mit |
Details | Windows Registry Key | 1 | | HKCU\Contol |
Details | Yara rule | 1 | | rule RhysidaRansomware { meta: description = "rule to detect Rhysida Ransomware" author = "ShadowStackRe.com" date = "2023-12-12" Rule_Version = "v1" malware_type = "ransomware" malware_family = "Rhysida" License = "MIT License, https://opensource.org/license/mit/" strings: $strShadowCopy = " vssadmin.exe Delete Shadows" $strRhsyida01 = "Rhysida-0.1" $strRhysida = "rhysida" $strRegKey1 = "cmd.exe /c reg delete \"HKCU\\Contol Panel\\Desktop" $strRegKey2 = "Policies\\ActiveDesktop\" /v NoChangingWallPaper" $strRunDll32 = "rundll32.exe user32.dll,UpdatePerUserSystemParameters" $strPDF = "CriticalBreachDetected.pdf" condition: all of them } |