From RA Group to RA World: Evolution of a Ransomware Group

    Date: 07/24/2024

    Severity: High

    Summary

    This entry tracks the ransomware group that first appeared as RA Group and now operates as RA World, drawing on the Unit 42 and Trend Micro research listed under Reference. Those reports describe how the group broadened its targeting, updated its tool set, and moved to a multistage intrusion chain over time. The SHA-256 hashes below are the file indicators associated with this activity; the TDIR query further down matches them against the sha256hash field so that execution or delivery of any of these samples surfaces in endpoint and file telemetry.

    Indicators of Compromise (IOC) List

    Hash (SHA-256)

    0183edb40f7900272f63f0392d10c08a3d991af41723ecfd38abdfbfdf21de0a
    1066395126da32da052f39c9293069f9bcc1c8d28781eb9d44b35f05ce1fd614
    108a3966b001776c0cadac27dd9172e506069cb35d4233c140f2a3c467e043d0
    25ba2412cf0b97353fa976f99fdd2d9ecbbe1c10c1b2a62a81d0777340ce0f0a
    2a4e83ff1c48baa3d526d51d09782933cec6790d5fa8ccea07633826f378b18a
    2d22cbe3b1d13af824d10bb55b61f350cb958046adf5509768a010df53409aa8
    31105fb81a54642024ef98921a524bf70dec655905ed9a2f5e24ad503188d8ae
    31ac190b45cc32c04c2415761c7f152153e16750516df0ce0761ca28300dd6a4
    330730d65548d621d46ed9db939c434bc54cada516472ebef0a00422a5ed5819
    36ce5b2c97892f86fd0e66d9dd6c4fbd4a46e7f91ea55cc1f51dee3a03417a3a
    4392dcce97df199e00efb7a301e26013a44ee79d9b4175d4539fae9aed4f750b
    57225f38b58564cf7ec1252fbf12475abee58bd6ea9500eb7570c49f8dc6a64c
    74fb402bc2d7428a61f1ac03d2fb7c9ff8094129afd2ec0a65ef6a373fd31183
    7c14a3908e82a0f3c679402cf060a0bcae7791bdc25715a49ee7c1fc08215c93
    817b7dab5beba22a608015310e918fc79fe72fa78b44b68dd13a487341929e81
    826f05b19cf1773076a171ef0b05613f65b3cc39a5e98913a3c9401e141d5285
    8e4f9e4c2bb563c918fbe13595de9a32b307e2ce9f1f48c06b168dbbb75b5e89
    93aae0d740df62b5fd57ac69d7be75d18d16818e87b70ace5272932aa44f23e4
    9479a5dc61284ccc3f063ebb38da9f63400d8b25d8bca8d04b1832f02fac24de
    af4a08bbe9f698a8a9666c76c6bdac9a29b7a9572e025f85f2a6f62c293c0f5e
    b2b59f10e6bdbe4a1f8ff560dbfe0d9876cbb05c7c27540bd824b17ceb082d62
    bb63887c03628a3f001d0e93ab60c9797d4ca3fb78a8d968b11fc19da815da2f
    bc2caec044efe0890496c56f29d7c73e3915740bc5fda7085bb2bb89145621e5
    d0c8dc7791e9462b6741553a411a5bfa5f4a9ad4ffcf91c0d2fc3269940e48a2
    d311674e5e964e7a2408b0b8816b06587b2e669221f0e100d4e0d4a914c6202c
    e31f5ebff2128decd36d24af7e155c3011a9afdc36fd14480026de151e1ecee2
    f1c576ed08abbb21d546a42a0857a515d617db36d2e4a49bedd9c25034ccd1e2
    62cd46988f179edf8013515c44cbb7563fc216d4e703a2a2a249fe8634617700
    ab7d8832e35bba30df50a7cca7cefd9351be4c5e8961be2d0b27db6cd22fc036
    feab413f86532812efc606c3b3224b7c7080ae4aa167836d7233c262985f888c
    a4dfa099e1f52256ad4a3b2db961e158832b739126b80677f82b0722b0ea5e59
    07ab218d5c865cb4fe78353340ab923e24a1f2881ec7206520651c5246b1a492
    dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash

    sha256hash IN ("0183edb40f7900272f63f0392d10c08a3d991af41723ecfd38abdfbfdf21de0a","1066395126da32da052f39c9293069f9bcc1c8d28781eb9d44b35f05ce1fd614","108a3966b001776c0cadac27dd9172e506069cb35d4233c140f2a3c467e043d0","25ba2412cf0b97353fa976f99fdd2d9ecbbe1c10c1b2a62a81d0777340ce0f0a","2a4e83ff1c48baa3d526d51d09782933cec6790d5fa8ccea07633826f378b18a","2d22cbe3b1d13af824d10bb55b61f350cb958046adf5509768a010df53409aa8","31105fb81a54642024ef98921a524bf70dec655905ed9a2f5e24ad503188d8ae","31ac190b45cc32c04c2415761c7f152153e16750516df0ce0761ca28300dd6a4","330730d65548d621d46ed9db939c434bc54cada516472ebef0a00422a5ed5819","36ce5b2c97892f86fd0e66d9dd6c4fbd4a46e7f91ea55cc1f51dee3a03417a3a","4392dcce97df199e00efb7a301e26013a44ee79d9b4175d4539fae9aed4f750b","57225f38b58564cf7ec1252fbf12475abee58bd6ea9500eb7570c49f8dc6a64c","74fb402bc2d7428a61f1ac03d2fb7c9ff8094129afd2ec0a65ef6a373fd31183","7c14a3908e82a0f3c679402cf060a0bcae7791bdc25715a49ee7c1fc08215c93","817b7dab5beba22a608015310e918fc79fe72fa78b44b68dd13a487341929e81","826f05b19cf1773076a171ef0b05613f65b3cc39a5e98913a3c9401e141d5285","8e4f9e4c2bb563c918fbe13595de9a32b307e2ce9f1f48c06b168dbbb75b5e89","93aae0d740df62b5fd57ac69d7be75d18d16818e87b70ace5272932aa44f23e4","9479a5dc61284ccc3f063ebb38da9f63400d8b25d8bca8d04b1832f02fac24de","af4a08bbe9f698a8a9666c76c6bdac9a29b7a9572e025f85f2a6f62c293c0f5e","b2b59f10e6bdbe4a1f8ff560dbfe0d9876cbb05c7c27540bd824b17ceb082d62","bb63887c03628a3f001d0e93ab60c9797d4ca3fb78a8d968b11fc19da815da2f","bc2caec044efe0890496c56f29d7c73e3915740bc5fda7085bb2bb89145621e5","d0c8dc7791e9462b6741553a411a5bfa5f4a9ad4ffcf91c0d2fc3269940e48a2","d311674e5e964e7a2408b0b8816b06587b2e669221f0e100d4e0d4a914c6202c","e31f5ebff2128decd36d24af7e155c3011a9afdc36fd14480026de151e1ecee2","f1c576ed08abbb21d546a42a0857a515d617db36d2e4a49bedd9c25034ccd1e2","62cd46988f179edf8013515c44cbb7563fc216d4e703a2a2a249fe8634617700","ab7d8832e35bba30df50a7cca7cefd9351be4c5e8961be2d0b27db6cd22fc036","feab413f86532812efc606c3b3224b7c7080ae4aa167836d7233c262985f888c","a4dfa099e1f52256ad4a3b2db961e158832b739126b80677f82b0722b0ea5e59","07ab218d5c865cb4fe78353340ab923e24a1f2881ec7206520651c5246b1a492","dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f")
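    As an added example (not Gurucul's code, nor anything from the referenced Unit 42 or Trend Micro research), the script below keeps the IOC list as the single source of truth for the hash-match rule: it regenerates the IN-list query from the list, reports any listed hash that a hand-edited query has dropped, and sweeps a directory tree by SHA-256 so the same indicators can be checked on a host that does not ship telemetry to the TDIR platform. The only query grammar it understands is the `sha256hash IN ("…","…")` form shown on this page; the sample files in `demo()` are constructed and benign.

```python
"""Keep a SHA-256 IOC list, the query built from it, and a host sweep in sync.

Added example for this entry. Assumes only the `sha256hash IN ("h1","h2")`
query form shown on the page; the demo files are constructed, not samples.
"""
import hashlib
import os
import re
import tempfile

# The 33 SHA-256 indicators listed on this page, one per line.
IOC_HASHES = frozenset("""
0183edb40f7900272f63f0392d10c08a3d991af41723ecfd38abdfbfdf21de0a
1066395126da32da052f39c9293069f9bcc1c8d28781eb9d44b35f05ce1fd614
108a3966b001776c0cadac27dd9172e506069cb35d4233c140f2a3c467e043d0
25ba2412cf0b97353fa976f99fdd2d9ecbbe1c10c1b2a62a81d0777340ce0f0a
2a4e83ff1c48baa3d526d51d09782933cec6790d5fa8ccea07633826f378b18a
2d22cbe3b1d13af824d10bb55b61f350cb958046adf5509768a010df53409aa8
31105fb81a54642024ef98921a524bf70dec655905ed9a2f5e24ad503188d8ae
31ac190b45cc32c04c2415761c7f152153e16750516df0ce0761ca28300dd6a4
330730d65548d621d46ed9db939c434bc54cada516472ebef0a00422a5ed5819
36ce5b2c97892f86fd0e66d9dd6c4fbd4a46e7f91ea55cc1f51dee3a03417a3a
4392dcce97df199e00efb7a301e26013a44ee79d9b4175d4539fae9aed4f750b
57225f38b58564cf7ec1252fbf12475abee58bd6ea9500eb7570c49f8dc6a64c
74fb402bc2d7428a61f1ac03d2fb7c9ff8094129afd2ec0a65ef6a373fd31183
7c14a3908e82a0f3c679402cf060a0bcae7791bdc25715a49ee7c1fc08215c93
817b7dab5beba22a608015310e918fc79fe72fa78b44b68dd13a487341929e81
826f05b19cf1773076a171ef0b05613f65b3cc39a5e98913a3c9401e141d5285
8e4f9e4c2bb563c918fbe13595de9a32b307e2ce9f1f48c06b168dbbb75b5e89
93aae0d740df62b5fd57ac69d7be75d18d16818e87b70ace5272932aa44f23e4
9479a5dc61284ccc3f063ebb38da9f63400d8b25d8bca8d04b1832f02fac24de
af4a08bbe9f698a8a9666c76c6bdac9a29b7a9572e025f85f2a6f62c293c0f5e
b2b59f10e6bdbe4a1f8ff560dbfe0d9876cbb05c7c27540bd824b17ceb082d62
bb63887c03628a3f001d0e93ab60c9797d4ca3fb78a8d968b11fc19da815da2f
bc2caec044efe0890496c56f29d7c73e3915740bc5fda7085bb2bb89145621e5
d0c8dc7791e9462b6741553a411a5bfa5f4a9ad4ffcf91c0d2fc3269940e48a2
d311674e5e964e7a2408b0b8816b06587b2e669221f0e100d4e0d4a914c6202c
e31f5ebff2128decd36d24af7e155c3011a9afdc36fd14480026de151e1ecee2
f1c576ed08abbb21d546a42a0857a515d617db36d2e4a49bedd9c25034ccd1e2
62cd46988f179edf8013515c44cbb7563fc216d4e703a2a2a249fe8634617700
ab7d8832e35bba30df50a7cca7cefd9351be4c5e8961be2d0b27db6cd22fc036
feab413f86532812efc606c3b3224b7c7080ae4aa167836d7233c262985f888c
a4dfa099e1f52256ad4a3b2db961e158832b739126b80677f82b0722b0ea5e59
07ab218d5c865cb4fe78353340ab923e24a1f2881ec7206520651c5246b1a492
dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f
""".split())

_QUOTED_SHA256 = re.compile(r'"([0-9a-fA-F]{64})"')

# Constructed demo payload; its hash is added to the watch set only inside demo().
SAMPLE = b"constructed sample, not malware\n"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_in_list(query: str) -> frozenset:
    """Return the lower-cased hashes quoted inside a sha256hash IN (...) query."""
    return frozenset(h.lower() for h in _QUOTED_SHA256.findall(query))


def missing_from_query(query: str, iocs=IOC_HASHES) -> frozenset:
    """Indicators in the list that the query as written would never match."""
    return iocs - parse_in_list(query)


def build_query(iocs=IOC_HASHES) -> str:
    """Regenerate the query from the list so the two cannot drift apart."""
    return 'sha256hash IN (%s)' % ",".join('"%s"' % h for h in sorted(iocs))


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash in 1 MiB chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: str, watch=IOC_HASHES) -> dict:
    """Walk root, hash every regular file, return {path: sha256} for matches."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished mid-sweep; keep going
            if digest in watch:
                hits[path] = digest
    return hits


def demo() -> dict:
    """Plant one benign file, watch its own hash, and confirm the sweep finds only it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "dropper.bin"), "wb") as f:
            f.write(SAMPLE)
        with open(os.path.join(root, "clean.txt"), "wb") as f:
            f.write(b"nothing to see\n")
        watch = IOC_HASHES | {sha256_bytes(SAMPLE)}
        hits = scan_tree(root, watch)
        return {os.path.relpath(p, root).replace(os.sep, "/"): d for p, d in hits.items()}


if __name__ == "__main__":
    print("indicators:", len(IOC_HASHES))
    print("dropped from query:", sorted(missing_from_query(build_query())))
    print("demo hits:", demo())
```

    Run `missing_from_query()` against the query actually deployed in the platform whenever the IOC list changes; an empty result is the check that the rule still covers every published hash. The sweep is a last-resort host check, not a substitute for the telemetry rule, since an actor that recompiles or packs a sample changes its hash.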

    Reference:

    https://unit42.paloaltonetworks.com/ra-world-ransomware-group-updates-tool-set/#section8SubHeading3

    https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html
