win.chaos

Chaos

aka: FakeRyuk, RyukJoke

An in-development ransomware family that was released in June 2021 by an unknown threat actor. The builder initially claimed to be a "Ryuk .Net Ransomware Builder", even though it was completely unrelated to the Ryuk malware family. At present it appears to contain trojan-like features, but it lacks features commonly found in ransomware, such as data exfiltration.

References
2022-06-09 | Bleeping Computer | Lawrence Abrams
Roblox Game Pass store used to sell ransomware decryptor
@online{abrams:20220609:roblox:19b3f09, author = {Lawrence Abrams}, title = {{Roblox Game Pass store used to sell ransomware decryptor}}, date = {2022-06-09}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/}, language = {English}, urldate = {2022-06-10} }
2022-05-24 | Blackberry | The BlackBerry Research & Intelligence Team
Yashma Ransomware, Tracing the Chaos Family Tree
@online{team:20220524:yashma:33b80cb, author = {The BlackBerry Research & Intelligence Team}, title = {{Yashma Ransomware, Tracing the Chaos Family Tree}}, date = {2022-05-24}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree}, language = {English}, urldate = {2022-05-24} }
2022-05-17 | Fortinet | Gergely Revay, Shunichi Imano
Chaos Ransomware Variant Sides with Russia
@online{revay:20220517:chaos:9ff6ed3, author = {Gergely Revay and Shunichi Imano}, title = {{Chaos Ransomware Variant Sides with Russia}}, date = {2022-05-17}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-sides-with-russia}, language = {English}, urldate = {2022-05-25} }
2022-04-28 | Twitter (@vinopaljiri) | Jiří Vinopal
#ONYX Ransomware is based on #Chaos Ransomware Builderv4
@online{vinopal:20220428:onyx:b2312e0, author = {Jiří Vinopal}, title = {{#ONYX Ransomware is based on #Chaos Ransomware Builderv4}}, date = {2022-04-28}, organization = {Twitter (@vinopaljiri)}, url = {https://twitter.com/vinopaljiri/status/1519645742440329216}, language = {English}, urldate = {2022-05-03} }
2022-02-14 | Brian Stadnicki
Chaos ransomware v4
@online{stadnicki:20220214:chaos:998b377, author = {Brian Stadnicki}, title = {{Chaos ransomware v4}}, date = {2022-02-14}, url = {https://brianstadnicki.github.io/posts/malware-chaos-ransomware-v4/}, language = {English}, urldate = {2022-03-15} }
2022-01-17 | Qualys | Bajrang Mane
The Chaos Ransomware Can Be Ravaging
@online{mane:20220117:chaos:911b0fa, author = {Bajrang Mane}, title = {{The Chaos Ransomware Can Be Ravaging}}, date = {2022-01-17}, organization = {Qualys}, url = {https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging}, language = {English}, urldate = {2022-02-04} }
2021-10-28 | Fortinet | Shunichi Imano, Fred Gutierrez
Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
@online{imano:20211028:chaos:7725fa9, author = {Shunichi Imano and Fred Gutierrez}, title = {{Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers}}, date = {2021-10-28}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-in-fake-minecraft-alt-list-brings-destruction}, language = {English}, urldate = {2021-11-03} }
2021-08-10 | Trend Micro | Monte de Jesus, Don Ovid Ladores
Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications
@online{jesus:20210810:chaos:153f943, author = {Monte de Jesus and Don Ovid Ladores}, title = {{Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications}}, date = {2021-08-10}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/h/chaos-ransomware-a-dangerous-proof-of-concept.html}, language = {English}, urldate = {2021-08-23} }
2021-06-14 | Marco Ramilli's Blog | Marco Ramilli
The Allegedly Ryuk Ransomware builder: #RyukJoke
@online{ramilli:20210614:allegedly:ad3d608, author = {Marco Ramilli}, title = {{The Allegedly Ryuk Ransomware builder: #RyukJoke}}, date = {2021-06-14}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/06/14/the-allegedly-ryuk-ransomware-builder-ryukjoke/}, language = {English}, urldate = {2021-08-23} }

There is no YARA signature yet.