███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Pandora

ransomware2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Pandora

CATEGORY:

RANSOMWARE

DESCRIPTION:

Pandora is a ransomware-as-a-service (RaaS) operation that emerged in 2022, targeting Windows and Linux systems. It uses custom encryption algorithms and is designed to evade detection while maximizing damage. The malware creates mutexes to prevent multiple instances from running simultaneously and uses sophisticated techniques to bypass security measures.

ALIASES:

Pandora Ransomware

TAGS:

file_encryptionransom_demandwindowslinuxraasmulti_platformevasion

[MUTEX_SIGNATURES](2)

[MUTEX_01]

ThisisMutexa

ANALYST: @adhikara13 DATE: 2025-01-15

REFERENCES:

https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware

https://www.fortinet.com/blog/threat-research/looking-inside-pandoras-box

https://cyble.com/blog/deep-dive-analysis-pandora-ransomware/

[MUTEX_02]

FFFFFMutex

ANALYST: @adhikara13 DATE: 2024-07-19

REFERENCES:

https://app.any.run/tasks/a6b6fe42-6b10-471e-9fc8-8bc8b793601d

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2022

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:2

THREAT_ACTORS:1

ALIASES:1

TAGS:7

CATEGORY:RANSOMWARE

Malware profile loaded successfully