otx.alienvault.com
99.86.4.45  Public Scan

URL: https://otx.alienvault.com/pulse/61681a66180cdaca723352ab/
Submission: On August 12 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (69)
NEW YANLUOWANG RANSOMWARE USED IN TARGETED ATTACKS

   
 * Created 10 months ago by Superpro
 * Public
 * TLP: White

The Symantec Threat Hunter Team has recently discovered what appears to be a new
ransomware, dubbed Yanluowang. The ransomware was first used against a
high-profile organization in a targeted attack, and further investigation
revealed the threat to be a new, if somewhat underdeveloped, ransomware family.
Before deploying the ransomware, the threat actors would use AdFind, a
legitimate command-line Active Directory query tool, on the victim
organization's network. This allows the threat actor to perform reconnaissance,
including gathering the information needed for lateral movement through the
victim's network. Once deployed, the ransomware would drop a ransom note
that warns the victim not to reach out for help, or risk DDoS and repeated
ransomware attacks.

Reference:
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-targeted-ransomware
Tags:
yanluowang, symantec, threat hunter, min read, blogs, team symantec, team,
broadcom, new yanluowang, symantec blogs, main, malware, ransomware, close
Malware Family:
Yanluowang
Att&ck ID:
T1106 - Native API

 * Indicators of Compromise (3)
 * Related Pulses (17)
 * Comments (0)
 * History (0)

FileHash-SHA256 (3)

type | indicator | Added | related Pulses
FileHash-SHA256 | d11793433065633b84567de403c1989640a07c9a399dd2753aaf118891ce791c | Oct 14, 2021, 11:54:15 AM | 9
FileHash-SHA256 | 49d828087ca77abc8d3ac2e4719719ca48578b265bbb632a1a7a36560ec47f2d | Oct 14, 2021, 11:54:15 AM | 12
FileHash-SHA256 | 2c2513e17a23676495f793584d7165900130ed4e8cccf72d9d20078e27770e04 | Oct 14, 2021, 11:54:15 AM | 12




 * © Copyright 2022 AlienVault, Inc.
   