Overview

Ryuk is associated with Wizard Spider.

MalwareBazaar Intelligence Data

Hash Samples (First 50)

SHA256 MD5 First Seen Type Size
ee35526d4b26d6cccbdc... 7645fad737379aeb... 2025-04-11 exe 3.417.032
9c24785c1d429ce1cc9c... 6bb43dd10a3f8046... 2024-08-14 exe 17.174.016
8f368b029a3a5517cb13... 89895cf4c88f13e5... 2024-08-05 exe 147.968
302fa0883fe21e4d0b56... 3d3fce34e2092be6... 2024-04-15 exe 1.080.832
d6b7b27e13700aaa7f10... 2cc630e080bb8de5... 2023-11-20 exe 134.144
8da85cb00f7ba5e8c23b... 4f707c67968a14d0... 2023-08-11 exe 207.872
6cbc05acf871c106f780... 5661aec52fcc80cc... 2023-05-09 exe 195.072
91450f9e8aeb0361867c... c5b0f786fe68a431... 2023-03-29 exe 54.272
7cdbe203acf89434221c... 3186b2fa1bccd387... 2023-03-10 exe 2.554.815
79a98588b501d1fdb5de... 8e62455d24fa491c... 2023-03-10 exe 2.561.696
6b22aa631597af446721... 8c282f124ed2f977... 2023-03-10 exe 2.561.696
a9643eb83d509ad4eac2... 987336d00fdbec3b... 2023-03-09 exe 561.456
bf575ce1c9425bc44f5c... f62bb82db62dd6b8... 2022-12-20 exe 141.312
23bdeb9ae6a8f414c33e... 9d82063518aaf2fe... 2022-08-31 exe 308.224
7a8a0e69f5b95082af07... 8342e609684c41e0... 2022-06-05 exe 1.423.481
61e88158da4636ab0c11... e163fbce2507c89a... 2022-03-21 lnk 1.173
23f8aa94ffb3c08a6273... 5ac0f050f93f86e6... 2022-02-17 exe 393.216
40b865d1c3ab1b8544bc... 484a2bcb1335ac97... 2022-01-28 exe 201.136
e6762cb7d09cd90d5469... 73bbbc8ae0c44202... 2021-08-31 exe 140.288
cc4a0b4080844e20fb95... 1e181424e3f2cc4a... 2021-08-31 exe 140.800
a1ce52437252001b56c9... 7b1b8de28236c830... 2021-08-31 exe 142.848
60ef0ca5e6e7d62a7750... 662855171d4d584d... 2021-05-24 zip 69.675
7faeb64c50cd15d036ca... 0eed6a270c65ab47... 2021-03-21 exe 279.664
180f82bbedb03dc29328... a563c50c5fa0fd54... 2021-03-17 exe 650.752
9eb7abf2228ad28d8b7f... c68395e474088d53... 2021-03-17 exe 122.368
05e06709523fd798da96... 19fb1b610cb224e9... 2021-02-19 exe 311.792
88b1b4966650de59cef2... 6cad2f7dc809b935... 2021-01-18 exe 589.312
781bc4dcbd459893397a... 8555b213260ba5ed... 2021-01-11 exe 142.848
2ec5256a7edb90b1c05c... a5c70086b3bc4fe6... 2020-11-05 exe 137.680
5e2c9d80fa4528fe9777... f71c8ba616f936a2... 2020-11-05 exe 138.208
8862b060db997bc9077e... 5496313b83ccce9a... 2020-11-05 exe 130.560
cfdc2cb47ef3d2396307... 3b4802fde0df6ed4... 2020-10-31 exe 120.832
ec3da4ac9ec917e66ab9... 0a0b0ac20e9fe727... 2020-10-30 exe 137.696
d7333223dcc1002aae04... 097cb948a1f011f5... 2020-10-27 exe 123.392
d0d7a8f588693b7cc967... e8673c8a299d1647... 2020-10-27 exe 130.560
5b1f242aee0eabd4dffe... 45898f41cf503d59... 2020-10-27 exe 278.528
92f124ea5217f3fe5cba... 1737388ce8b0b5fc... 2020-10-27 exe 361.536
e8a0e80dfc520bf7e76c... a6db1982f3c14457... 2020-10-27 exe 126.464
cfe1678a7f2b949966d9... 775705a6875573b5... 2020-10-27 exe 126.464
bbbf38de4f40754f2354... 45c39c5cf35ec57e... 2020-10-27 exe 126.464
327da452b8c86ed89100... 42513d9fbd45e442... 2020-10-22 exe 8.066.816
d5d744e0f7984ec01593... ba59b52b445f45aa... 2020-10-21 exe 136.672
3ee706f07d13cb9e617e... 5af409fe584bed2f... 2020-10-05 exe 407.504
0cf36731f5b8651d53fc... 2209710b3ba686e5... 2020-06-10 exe 171.012
a671d564c50b3056b915... 1d056eb0c7e08567... 2020-06-10 exe 210.436

IOC Summary

  • This analysis covers 45 unique Ryuk samples.
  • A total of 90 hash IOCs were recorded.
  • Campaign activity: detected between 2020-06-10 and 2025-04-11.

Ryuk — Malware Profile

Wizard Spider threat group ransomware (2018+). Targets large enterprises, hospitals, municipalities. RyukReadMe.html ransom note. VirtualAllocEx+WriteProcessMemory+CreateRemoteThread injection. GetIpNetTable ARP scan for lateral movement. AdjustTokenPrivileges for SeBackupPrivilege/SeDebugPrivilege.

Malware Type: Ransomware
Programming Language: C
C2 Protocol:
Target Systems: Windows

Technical Details

Ryuk ransomware emerged in August 2018 and is operated by WIZARD SPIDER (the TrickBot operators). It targeted large organizations for high ransoms ($100K-$12.5M+ per victim). Distribution: delivered via TrickBot/BazarLoader infections (human-operated). Encryption: RSA-2048 + AES-256 (CBC mode), with a unique key per file. It stops 40+ Windows services (backup, antivirus, database) and kills >180 processes. It deletes volume shadow copies (vssadmin delete shadows /all /Quiet) and disables Windows recovery (bcdedit /set {default} recoveryenabled No). Network propagation: uses Wake-on-LAN to wake sleeping network hosts so that they can be encrypted. It is believed to be based on Hermes ransomware, which was sold by a North Korean-linked actor on underground forums. Ryuk is the predecessor to Conti ransomware, which emerged from WIZARD SPIDER's operations in 2020.
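A detection sketch for the two recovery-inhibition commands quoted above, added here as an example and not taken from the original profile: it matches both command lines in process-creation events regardless of case, path or cmd.exe wrapping, and raises severity when both appear on one host. The event field names, host names, timestamps and the 10-minute window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# (rule name, tool basename, argument tokens that must follow it, in order).
# Both command lines are the ones quoted in the paragraph above.
RULES = [
    ("shadow_copy_delete", "vssadmin", ("delete", "shadows")),
    ("recovery_disabled", "bcdedit", ("/set", "recoveryenabled", "no")),
]
WINDOW = timedelta(minutes=10)  # assumption: per-host correlation window

# Constructed process-creation events (hypothetical hosts and field names).
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2024-01-15T10:02:11",
     "command_line": "vssadmin.exe Delete Shadows /all /quiet"},
    {"host": "WS-014", "time": "2024-01-15T10:02:14",
     "command_line": r"C:\Windows\System32\bcdedit.exe /set {default} recoveryenabled No"},
    {"host": "SRV-BK01", "time": "2024-01-15T03:00:00",
     "command_line": "vssadmin list shadows"},  # benign inventory query
    {"host": "SRV-DB02", "time": "2024-01-15T14:30:00",
     "command_line": 'cmd.exe /c "vssadmin Delete Shadows /All /Quiet"'},
    {"host": "WS-020", "time": "2024-01-15T09:00:00",
     "command_line": "bcdedit /set {default} recoveryenabled Yes"},  # re-enables recovery
]


def tokens(cmdline):
    """Lower-case the command line, drop quotes and cmd carets, split on whitespace."""
    return cmdline.replace("^", "").replace('"', " ").lower().split()


def basename(tok):
    """Strip any directory part and a trailing .exe from a token."""
    name = re.split(r"[\\/]", tok)[-1]
    return name[:-4] if name.endswith(".exe") else name


def has_subsequence(seq, needed):
    """True if every item of `needed` occurs in `seq` in the same order."""
    it = iter(seq)
    return all(any(tok == want for tok in it) for want in needed)


def match_rule(cmdline):
    """Return the matching rule name, or None for a benign command line."""
    toks = tokens(cmdline)
    for name, tool, needed in RULES:
        for i, tok in enumerate(toks):
            if basename(tok) == tool and has_subsequence(toks[i + 1:], needed):
                return name
    return None


def detect(events):
    """Group hits per host; both rules inside WINDOW on one host is 'high'."""
    hits = defaultdict(list)
    for ev in events:
        rule = match_rule(ev["command_line"])
        if rule:
            hits[ev["host"]].append((datetime.fromisoformat(ev["time"]), rule))
    alerts = {}
    for host, found in hits.items():
        paired = any(
            a_rule != b_rule and abs(b_time - a_time) <= WINDOW
            for a_time, a_rule in found
            for b_time, b_rule in found
        )
        alerts[host] = {
            "severity": "high" if paired else "medium",
            "rules": sorted({rule for _, rule in found}),
        }
    return alerts


if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS).items():
        print(host, alert)
```

Command-line matching of this kind catches the behaviour rather than a specific binary, so it keeps working when sample hashes change.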

Attribution / Threat Actor

WIZARD SPIDER (linked to Hermes/Lazarus initial code)

Capabilities & Behavior

File Encryption (AES/RSA)
Shadow Copy Deletion
Backup Removal
Ransom Note Creation
Persistence
Network Share Encryption
Anti-Analysis Techniques
Double Extortion (Data Leak)

IOC List (180 indicators)

IOC — Ryuk

C2 Servers (2 recorded servers for this family)

Address Type Port Protocol Status Country
51.161.204.106 ip 443 HTTPS sinkholed CA
162.119.249.198 ip 443 HTTPS sinkholed US

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
bulkiocmalwarebazaarransomwareryuk