01flip: Multi-Platform Ransomware Written in Rust

    Date: 12/11/2025

    Severity: High

    Summary

    In June 2025, we identified a new ransomware family called 01flip targeting a small set of victims in the Asia-Pacific region. Written entirely in Rust, it leverages cross-compilation to support multiple platforms. The attackers appear to be financially motivated and likely executed the operation manually. Shortly after the intrusion, an alleged data leak from one affected organization surfaced on a dark-web forum. We are monitoring this activity under the tracking ID CL-CRI-1036. This designation reflects a cluster of malicious behavior consistent with cybercrime.

    Indicators of Compromise (IOC) List

    Hash:

    6aad1c36ab9c7c44350ebe3a17178b4fd93c2aa296e2af212ab28d711c0889a3

    e5834b7bdd70ec904470d541713e38fe933e96a4e49f80dbfb25148d9674f957

    ba41f0c7ea36cefe7bc9827b3cf27308362a4d07a8c97109704df5d209bce191

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    sha256hash IN ("6aad1c36ab9c7c44350ebe3a17178b4fd93c2aa296e2af212ab28d711c0889a3","e5834b7bdd70ec904470d541713e38fe933e96a4e49f80dbfb25148d9674f957","ba41f0c7ea36cefe7bc9827b3cf27308362a4d07a8c97109704df5d209bce191")

    Reference:

    https://unit42.paloaltonetworks.com/new-ransomware-01flip-written-in-rust/


    Tags

    Malware, Ransomware, 01flip, Asia, Financial Services
