[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:10
[ALL_FAMILIES]

EKANS

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
EKANS
CATEGORY:
RANSOMWARE
DESCRIPTION:
EKANS, also known as Snake, is a ransomware written in Go that has been observed targeting Industrial Control Systems (ICS) environments.
ALIASES:
SnakeSnake-Ekans
TAGS:
file_encryptionICS

[MUTEX_SIGNATURES](1)

[MUTEX_01]
EKANS
ANALYST: @adhikara13 DATE: 2024-08-01
REFERENCES:
https://id-ransomware.blogspot.com/2020/01/ekans-snake-ransomware.html
https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/
https://www.acronis.com/en-sg/blog/posts/snakeekans-ransomware-attacks-industrial-control-systems-acronis-stops-it/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2019

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:2
TAGS:2
CATEGORY:RANSOMWARE
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]