Date: 02/17/2025
Severity: High
Summary
The "Ransomware Roundup – Lynx" report states that the first sample of Lynx ransomware surfaced in early July 2024, coinciding with other reports of its availability. Research shows that Lynx shares similarities with the earlier INC ransomware, which debuted in July 2023. INC ransomware offers fewer execution options and appears to be a predecessor to Lynx. Notably, while INC ransomware targets both Windows and ESXi platforms, Lynx is currently found only in Windows environments.
Indicators of Compromise (IOC) List
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 |
sha256hash IN ("468e3c2cb5b0bbc3004bbf5272f4ece5c979625f7623e6d71af5dc0929b89d6a","b378b7ef0f906358eec595777a50f9bb5cc7bb6635e0f031d65b818a26bdc4ee","432f549e9a2a76237133e9fe9b11fbb3d1a7e09904db5ccace29918e948529c6","4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412","9a47ab27d50df1faba1dc5777bdcfff576524424bc4a3364d33267bbcf8a3896","d5ca3e0e25d768769e4afda209aca1f563768dae79571a38e3070428f8adf031","ecbfea3e7869166dd418f15387bc33ce46f2c72168f571071916b5054d7f6e49","97c8f54d70e300c7d7e973c4b211da3c64c0f1c95770f663e04e35421dfb2ba0","f71fc818362b1465fc1deb361de36badc73ac4dd9e815153c9022f82c4062787","31de5a766dca4eaae7b69f807ec06ae14d2ac48100e06a30e17cc9acccfd5193","571f5de9dd0d509ed7e5242b9b7473c2b2cbb36ba64d38b32122a0a337d6cf8b","589ff3a5741336fa7c98dbcef4e8aecea347ea0f349b9949c6a5f6cd9d821a23","3e68e5742f998c5ba34c2130b2d89ca2a6c048feb6474bc81ff000e1eaed044e","80908a51e403efd47b1d3689c3fb9447d3fb962d691d856b8b97581eefc0c441","85699c7180ad77f2ede0b15862bb7b51ad9df0478ed394866ac7fa9362bf5683","eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc") |
Reference:
https://www.fortinet.com/blog/threat-research/ransomware-roundup-lynx