win.eda2_ransom

EDA2


EDA2 is a successor of HiddenTear. Just like HiddenTear, it was developed as an open-source project by a security researcher and published on GitHub. It was meant as "educational ransomware" and purposefully had flaws in the encryption process that allow decryption of the ransomed files without the attacker's key.

This backfired when threat actors began to modify the HiddenTear and EDA2 source code. Some modifications introduced bugs that destroyed the encrypted files; others fixed the encryption flaws and made decryption without the key impossible.

References

2020-04-14, Adrian McCabe, Vicky Ray, Juan Cortes (Palo Alto Networks Unit 42): "Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns". https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/ (accessed 2020-04-14). Families: Agent Tesla, EDA2.

2017-08-21, Utku Sen (Utku Sen Blog): "I'm Sorry For Hidden Tear and EDA2". https://utkusen.com/blog/im-sorry-for-hidden-tear-eda2 (accessed 2023-11-22). Families: EDA2, HiddenTear.

2017-01-02, Jaromír Hořejší (Twitter, JaromirHorejsi): "Tweet on Ransomware". https://twitter.com/JaromirHorejsi/status/815861135882780673 (accessed 2020-01-09). Families: EDA2.

2016-01-25, Lawrence Abrams (Bleeping Computer): "Hidden Tear Ransomware Developer Blackmailed by Malware Developers using his Code". https://www.bleepingcomputer.com/news/security/hidden-tear-ransomware-developer-blackmailed-by-malware-developers-using-his-code/ (accessed 2023-11-22). Families: EDA2, HiddenTear.

2016-01-23, Utku Sen (GitHub, utkusen): "Github Repository of EDA2". https://github.com/utkusen/eda2 (accessed 2023-11-22). Families: EDA2.

There is no YARA signature yet.