win.khonsari

Khonsari


A compact ransomware written in .NET and delivered as a follow-up to Log4j exploitation, targeting Windows servers.

References
2022-03 | VirusTotal | VirusTotal
VirusTotal's 2021 Malware Trends Report
@techreport{virustotal:202203:virustotals:c6af9c1, author = {VirusTotal}, title = {{VirusTotal's 2021 Malware Trends Report}}, date = {2022-03}, institution = {VirusTotal}, url = {https://assets.virustotal.com/reports/2021trends.pdf}, language = {English}, urldate = {2022-04-13} }
Anubis, AsyncRAT, BlackMatter, Cobalt Strike, DanaBot, Dridex, Khonsari, MimiKatz, Mirai, Nanocore RAT, Orcus RAT
2021-12-30 | Cloudsek | Anandeshwar Unnikrishnan, Isha Tripathi
Technical Analysis of Khonsari Ransomware Campaign Exploiting the Log4Shell Vulnerability
@online{unnikrishnan:20211230:technical:9a058e7, author = {Anandeshwar Unnikrishnan and Isha Tripathi}, title = {{Technical Analysis of Khonsari Ransomware Campaign Exploiting the Log4Shell Vulnerability}}, date = {2021-12-30}, organization = {Cloudsek}, url = {https://cloudsek.com/technical-analysis-of-khonsari-ransomware-campaign-exploiting-the-log4shell-vulnerability/}, language = {English}, urldate = {2022-05-25} }
Khonsari
2021-12-23 | Symantec | Siddhesh Chandrayan
Log4j Vulnerabilities: Attack Insights
@online{chandrayan:20211223:log4j:58ea562, author = {Siddhesh Chandrayan}, title = {{Log4j Vulnerabilities: Attack Insights}}, date = {2021-12-23}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/log4j-vulnerabilities-attacks}, language = {English}, urldate = {2022-01-25} }
Tsunami, Conti, Dridex, Khonsari, Orcus RAT, TellYouThePass
2021-12-14 | Cado Security | Matt Muir
Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability
@online{muir:20211214:analysis:fb34f1a, author = {Matt Muir}, title = {{Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability}}, date = {2021-12-14}, organization = {Cado Security}, url = {https://www.cadosecurity.com/analysis-of-novel-khonsari-ransomware-deployed-by-the-log4shell-vulnerability/}, language = {English}, urldate = {2022-01-18} }
Khonsari
2021-12-11 | Microsoft | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
@online{team:20211211:guidance:fb6acc1, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability}}, date = {2021-12-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation}, language = {English}, urldate = {2022-07-25} }
Khonsari, NightSky, BRONZE STARLIGHT

There is no Yara-Signature yet.