HiddenTear (Malware Family)

HiddenTear

aka: FuckUnicorn

HiddenTear is an open source ransomware developed by a Turkish programmer and later released as proof of concept on GitHub. The malware generates a local symmetric key in order to encrypt a configurable folder (/test was the default one) and it sends it to a centralized C&C server. Due to its small payload it was used as real attack vector over email phishing campaigns. Variants are still used in attacks.

References

2021-11-04 ⋅ CrowdStrike ⋅ Eric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 2
BlackMatter Griffon BlackMatter DarkSide HiddenTear JSSLoader

2020-05-26 ⋅ Bleeping Computer ⋅ Ionut Ilascu
New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map
HiddenTear

2020-05-25 ⋅ Twitter (@JAMESWT_MHT) ⋅ JamesWT
Tweet on FuckUnicorn instance of HiddenTear
HiddenTear

2019-10-26 ⋅ Dissecting Malware ⋅ Marius Genheimer
Earn-quick-BTC-with-Hiddentear.mp4 / About Open Source Ransomware
HiddenTear

2018-01-09 ⋅ Twitter (@struppigel) ⋅ Karsten Hahn
Tweet on HiddenTear Sample
HiddenTear

2017-06-12 ⋅ SlideShare ⋅ Christopher Doman
Open Source Malware - Sharing is caring?
HiddenTear

2016-03-20 ⋅ Tripwire ⋅ Tripwire Guest Authos
Hidden Tear Project: Forbidden Fruit Is the Sweetest
HiddenTear

2015-08-18 ⋅ Github (goliate) ⋅ goliate
ransomware open-sources
HiddenTear

There is no Yara-Signature yet.

HiddenTear Propose Change

References

HiddenTear