███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Mamona

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Mamona

CATEGORY:

RANSOMWARE

DESCRIPTION:

Mamona is a ransomware-as-a-service (RaaS) operation that has been observed in various cybercriminal campaigns. The malware is designed to encrypt files on victim systems and demand payment for decryption. It is associated with the Global Group and employs sophisticated encryption techniques to target organizations globally.

ALIASES:

Mamona Ransomware

TAGS:

file_encryptionraasextortionglobal_groupcybercriminal

[MUTEX_SIGNATURES](1)

[MUTEX_01]

Global\Fxo16jmdgujs437

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://app.threat.zone/submission/2236ec1f-eaaa-4b19-b864-4059dac59efa/dynamic-scan-report/behaviour/mutex

https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Mamona Group

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:5

CATEGORY:RANSOMWARE

Malware profile loaded successfully