SYMBOLCOMMON_NAMEaka. SYNONYMS
win.partyticket (Back to overview)

PartyTicket

aka: Elections GoRansom, HermeticRansom, SonicVote

PartyTicket is a Go-written ransomware, which was described as a poorly designed one by Zscaler. According to Brett Stone-Gross this malware is likely intended to be a diversion from the Hermetic wiper (aka. KillDisk.NCV, DriveSlayer) attack.

References
2022-05-19MandiantAlden Wahlstrom, Alice Revelli, Sam Riddell, David Mainor, Ryan Serabian
@online{wahlstrom:20220519:io:eacf6cd, author = {Alden Wahlstrom and Alice Revelli and Sam Riddell and David Mainor and Ryan Serabian}, title = {{The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine}}, date = {2022-05-19}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/information-operations-surrounding-ukraine}, language = {English}, urldate = {2022-05-25} } The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-11KasperskyGReAT
@online{great:20220511:new:a56bc90, author = {GReAT}, title = {{New ransomware trends in 2022}}, date = {2022-05-11}, organization = {Kaspersky}, url = {https://securelist.com/new-ransomware-trends-in-2022/106457/}, language = {English}, urldate = {2022-05-17} } New ransomware trends in 2022
BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit
2022-04-27MicrosoftMicrosoft Digital Security Unit (DSU)
@online{dsu:20220427:special:f1a2031, author = {Microsoft Digital Security Unit (DSU)}, title = {{Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine}}, date = {2022-04-27}, organization = {Microsoft}, url = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd}, language = {English}, urldate = {2022-05-03} } Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-07InQuestWill MacArthur, Nick Chalard
@online{macarthur:20220407:ukraine:99bef5a, author = {Will MacArthur and Nick Chalard}, title = {{Ukraine CyberWar Overview}}, date = {2022-04-07}, organization = {InQuest}, url = {https://inquest.net/blog/2022/04/07/ukraine-cyberwar-overview}, language = {English}, urldate = {2022-04-29} } Ukraine CyberWar Overview
CyclopsBlink Cobalt Strike GraphSteel GrimPlant HermeticWiper HermeticWizard MicroBackdoor PartyTicket Saint Bot Scieron WhisperGate
2022-03-21eSentireeSentire
@online{esentire:20220321:esentire:d07192a, author = {eSentire}, title = {{eSentire Threat Intelligence Malware Analysis: HermeticWiper & PartyTicket}}, date = {2022-03-21}, organization = {eSentire}, url = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-hermeticwiper-partyticket}, language = {English}, urldate = {2022-03-25} } eSentire Threat Intelligence Malware Analysis: HermeticWiper & PartyTicket
HermeticWiper PartyTicket
2022-03-14KasperskyGReAT
@online{great:20220314:webinar:f6bfb3c, author = {GReAT}, title = {{Webinar on cyberattacks in Ukraine – summary and Q&A}}, date = {2022-03-14}, organization = {Kaspersky}, url = {https://securelist.com/webinar-on-cyberattacks-in-ukraine-summary-and-qa/106075/}, language = {English}, urldate = {2022-04-05} } Webinar on cyberattacks in Ukraine – summary and Q&A
HermeticWiper HermeticWizard IsaacWiper PartyTicket WhisperGate
2022-03-10BrightTALK (Kaspersky GReAT)Costin Raiu, Marco Preuss, Kurt Baumgartner, Dan Demeter, Ivan Kwiatkowski
@online{raiu:20220310:brighttalk:a3d9072, author = {Costin Raiu and Marco Preuss and Kurt Baumgartner and Dan Demeter and Ivan Kwiatkowski}, title = {{BrightTALK: A look at current cyberattacks in Ukraine}}, date = {2022-03-10}, organization = {BrightTALK (Kaspersky GReAT)}, url = {https://www.brighttalk.com/webcast/15591/534324}, language = {English}, urldate = {2022-04-05} } BrightTALK: A look at current cyberattacks in Ukraine
HermeticWiper HermeticWizard IsaacWiper PartyTicket WhisperGate
2022-03-10splunkSplunk Threat Research Team
@online{team:20220310:detecting:d1cb280, author = {Splunk Threat Research Team}, title = {{Detecting HermeticWiper}}, date = {2022-03-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-hermeticwiper.html}, language = {English}, urldate = {2022-03-22} } Detecting HermeticWiper
HermeticWiper PartyTicket
2022-03-04Threat PostLisa Vaas
@online{vaas:20220304:free:60674b1, author = {Lisa Vaas}, title = {{Free HermeticRansom Ransomware Decryptor Released}}, date = {2022-03-04}, organization = {Threat Post}, url = {https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/}, language = {English}, urldate = {2022-03-07} } Free HermeticRansom Ransomware Decryptor Released
PartyTicket
2022-03-04MandiantJames Sadowski, Ryan Hall
@online{sadowski:20220304:responses:0b94dae, author = {James Sadowski and Ryan Hall}, title = {{Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation}}, date = {2022-03-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation}, language = {English}, urldate = {2022-03-07} } Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation
HermeticWiper PartyTicket WhisperGate
2022-03-03Trend MicroTrend Micro Research
@techreport{research:20220303:ioc:216aad3, author = {Trend Micro Research}, title = {{IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks}}, date = {2022-03-03}, institution = {Trend Micro}, url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict/IOC%20Resource%20for%20Russia-Ukraine%20Conflict-Related%20Cyberattacks-03032022.pdf}, language = {English}, urldate = {2022-03-04} } IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks
ClipBanker Conti HermeticWiper PartyTicket WhisperGate
2022-03-03Bleeping ComputerBill Toulas
@online{toulas:20220303:free:f5952fa, author = {Bill Toulas}, title = {{Free decryptor released for HermeticRansom victims in Ukraine}}, date = {2022-03-03}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-hermeticransom-victims-in-ukraine/}, language = {English}, urldate = {2022-03-04} } Free decryptor released for HermeticRansom victims in Ukraine
PartyTicket
2022-03-03Avast DecodedThreat Research Team
@online{team:20220303:help:d086921, author = {Threat Research Team}, title = {{Help for Ukraine: Free decryptor for HermeticRansom ransomware}}, date = {2022-03-03}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/}, language = {English}, urldate = {2022-03-03} } Help for Ukraine: Free decryptor for HermeticRansom ransomware
PartyTicket
2022-03-02TechtargetArielle Waldman
@online{waldman:20220302:crowdstrike:2967602, author = {Arielle Waldman}, title = {{CrowdStrike cracks PartyTicket ransomware targeting Ukraine}}, date = {2022-03-02}, organization = {Techtarget}, url = {https://www.techtarget.com/searchsecurity/news/252514091/CrowdStrike-cracks-PartyTicket-ransomware-targeting-Ukraine}, language = {English}, urldate = {2022-03-07} } CrowdStrike cracks PartyTicket ransomware targeting Ukraine
PartyTicket
2022-03-02Recorded FutureInsikt Group
@techreport{group:20220302:hermeticwiper:66c202b, author = {Insikt Group}, title = {{HermeticWiper and PartyTicket Targeting Computers in Ukraine}}, date = {2022-03-02}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/mtp-2022-0302.pdf}, language = {English}, urldate = {2022-03-04} } HermeticWiper and PartyTicket Targeting Computers in Ukraine
HermeticWiper PartyTicket
2022-03-01ESET ResearchESET Research
@online{research:20220301:isaacwiper:a2ff019, author = {ESET Research}, title = {{IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine}}, date = {2022-03-01}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/}, language = {English}, urldate = {2022-03-02} } IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
HermeticWiper IsaacWiper PartyTicket
2022-03-01CrowdStrikeCrowdStrike Intelligence Team
@online{team:20220301:decryptable:27c195e, author = {CrowdStrike Intelligence Team}, title = {{Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities}}, date = {2022-03-01}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/}, language = {English}, urldate = {2022-03-07} } Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
PartyTicket
2022-03-01KasperskyGReAT
@online{great:20220301:elections:1f89f9b, author = {GReAT}, title = {{Elections GoRansom – a smoke screen for the HermeticWiper attack}}, date = {2022-03-01}, organization = {Kaspersky}, url = {https://securelist.com/elections-goransom-and-hermeticwiper-attack/105960/}, language = {English}, urldate = {2022-03-02} } Elections GoRansom – a smoke screen for the HermeticWiper attack
PartyTicket
2022-03-01Kaspersky LabsKaspersky
@online{kaspersky:20220301:ransomware:159de87, author = {Kaspersky}, title = {{Ransomware as a distraction}}, date = {2022-03-01}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/blog/hermeticransom-hermeticwiper-attacks-2022/43825/}, language = {English}, urldate = {2022-03-08} } Ransomware as a distraction
HermeticWiper PartyTicket
2022-02-28MicrosoftMSRC Team
@online{team:20220228:cyber:8ef46fd, author = {MSRC Team}, title = {{Cyber threat activity in Ukraine: analysis and resources}}, date = {2022-02-28}, organization = {Microsoft}, url = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine}, language = {English}, urldate = {2022-03-07} } Cyber threat activity in Ukraine: analysis and resources
HermeticWiper IsaacWiper PartyTicket WhisperGate
2022-02-25Zscaler
@online{zscaler:20220225:technical:b872b8e, author = {Zscaler}, title = {{Technical Analysis of PartyTicket Ransomware}}, date = {2022-02-25}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware}, language = {English}, urldate = {2022-03-01} } Technical Analysis of PartyTicket Ransomware
PartyTicket

There is no Yara-Signature yet.