win.chaos

Chaos

aka: FakeRyuk, RyukJoke

Chaos is an in-development ransomware family that was released in June 2021 by an unknown threat actor. The builder initially claimed to be a "Ryuk .Net Ransomware Builder", even though it was completely unrelated to the Ryuk malware family. At present it appears to contain trojan-like features but lacks features commonly found in ransomware, such as data exfiltration.

References
2021-10-28, Fortinet, Shunichi Imano and Fred Gutierrez
Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-in-fake-minecraft-alt-list-brings-destruction

2021-08-10, Trend Micro, Monte de Jesus and Don Ovid Ladores
Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications
https://www.trendmicro.com/en_us/research/21/h/chaos-ransomware-a-dangerous-proof-of-concept.html

2021-06-14, Marco Ramilli's Blog, Marco Ramilli
The Allegedly Ryuk Ransomware builder: #RyukJoke
https://marcoramilli.com/2021/06/14/the-allegedly-ryuk-ransomware-builder-ryukjoke/

There is no Yara-Signature yet.