███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Rook

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Rook

CATEGORY:

RANSOMWARE

DESCRIPTION:

Rook is a ransomware family designed to encrypt files on compromised systems and demand cryptocurrency payments for decryption. The malware uses sophisticated encryption techniques and is known for its targeted attacks against organizations.

ALIASES:

rook ransomware

TAGS:

ransomwarefile_encryptiontargeted_attacks

[MUTEX_SIGNATURES](1)

[MUTEX_01]

asfgjkl878645165456fa888

ANALYST: @adhikara13 DATE: 2024-07-19

REFERENCES:

https://www.infosecinstitute.com/resources/malware-analysis/rook-ransomware-analysis/

https://seguranca-informatica.pt/rook-ransomware-analysis/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

Unknown

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:3

CATEGORY:RANSOMWARE

Malware profile loaded successfully