Date: 07/08/2024
Severity: High
Summary
The referenced report, "RansomHub: New Ransomware has Origins in Older Knight", covers a newly identified ransomware family, RansomHub, and traces its lineage to the older Knight strain. It examines how RansomHub builds on Knight's codebase and techniques, possibly extending its capabilities or targeting new vulnerabilities, and it highlights the continuing evolution of ransomware tactics and their potential impact, urging vigilance and proactive defensive measures against this threat.
Indicators of Compromise (IOC) list:
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Reference:
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware
https://areteir.com/article/ransomhub-raas-group-zerologon-exploits/