[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:10
[ALL_FAMILIES]

DJVU

ransomware2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
DJVU
CATEGORY:
RANSOMWARE
DESCRIPTION:
DJVU (also known as Stop) is a ransomware family that has been observed in various cybercriminal campaigns. The malware is designed to encrypt files on victim systems and demand payment for decryption. It has been noted for its familiar characteristics and sophisticated encryption techniques.
ALIASES:
DJVU RansomwareStop Ransomware
TAGS:
file_encryptionextortioncybercriminalstop_family

[MUTEX_SIGNATURES](2)

[MUTEX_01]
{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://blogs.blackberry.com/en/2022/09/djvu-the-ransomware-that-seems-strangely-familiar
[MUTEX_02]
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://blogs.blackberry.com/en/2022/09/djvu-the-ransomware-that-seems-strangely-familiar
https://tria.ge/230108-wwfvvaec82/behavioral2/analog?proc=100&main_event=Mutex&mutant=%7B1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D%7D

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2022

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:2
THREAT_ACTORS:1
ALIASES:2
TAGS:4
CATEGORY:RANSOMWARE
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]