【Indicator Information】
■Hash information (SHA256) - Ranzy Locker -
(The above is information from Sentinel Labs; source: https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/)
■Hash information (SHA1) - Ranzy Locker -
(The above is information from Sentinel Labs; source: https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/)
■MITRE ATT&CK - Ranzy Locker -
Indicator Removal on Host: File Deletion T1070.004
Modify Registry T1112
Query Registry T1012
System Information Discovery T1082
Peripheral Device Discovery T1120
Inhibit System Recovery T1490
Create or Modify System Process: Windows Service T1031
Exfiltration TA0010
【Search】
google: Ranzy
google:news: Ranzy
https://www.hatena.ne.jp/o/search/top?q=Ranzy
【VT Search】
【Blog】
◆Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative (Sentinel Labs, 2020/11/18)
https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/
【Related summary articles】
◆Overall summary
◆Malware (summary)
◆Ransomware (summary)
◆ThunderX / Ranzy Locker (summary)
https://malware-log.hatenablog.com/entry/ThunderX