███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Risen

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Risen

CATEGORY:

RANSOMWARE

DESCRIPTION:

Risen is a ransomware family operated by the Risen Group, designed to encrypt files on compromised systems and demand cryptocurrency payments for decryption. The malware uses sophisticated encryption techniques and is known for its targeted attacks.

ALIASES:

risen ransomware

TAGS:

ransomwarefile_encryptionapttargeted_attacks

[MUTEX_SIGNATURES](1)

[MUTEX_01]

risen_mutex

ANALYST: @adhikara13 DATE: 2024-07-19

REFERENCES:

https://motasem-notes.net/ranswomare-analysis-reverse-engineering-risen-ransomware-letsdefend-walkthrough/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠risen group

FIRST_OBSERVED:

Unknown

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:4

CATEGORY:RANSOMWARE

Malware profile loaded successfully