TT Malware Log

A personal survey, research, and reference log on malware, cyber attacks, and analysis techniques

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

【Figures】

Ransom note: Ranzy 1.0
Ransom note: Ranzy 1.1
Source: https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/


【Blog】

◆Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative (Sentinel Labs, 2020/11/18)
https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/


【Related summary articles】

Overall summary
 ◆Malware (summary)
  ◆Ransomware (summary)

◆ThunderX / Ranzy Locker (summary)
https://malware-log.hatenablog.com/entry/ThunderX


【Indicator information】

■Hash information (SHA256) - Ranzy Locker -


(The above is information from Sentinel Labs; quoted from https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/)


■Hash information (SHA1) - Ranzy Locker -


(The above is information from Sentinel Labs; quoted from https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/)


■MITRE ATT&CK - Ranzy Locker -

Indicator Removal on Host: File Deletion T1070.004
Modify Registry T1112
Query Registry T1012
System Information Discovery T1082
Peripheral Device Discovery T1120
Inhibit System Recovery T1490
Create or Modify System Process: Windows Service T1031
Exfiltration TA0010


【Search】

google: Ranzy
google:news: Ranzy
https://www.hatena.ne.jp/o/search/top?q=Ranzy



【VT search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020