███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Zola

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Zola

CATEGORY:

RANSOMWARE

DESCRIPTION:

Zola is a ransomware variant that belongs to the Proton family of malware. The ransomware is designed to encrypt files on victim systems and demand payment for decryption. It is known for its sophisticated encryption techniques and has been observed in various cybercriminal campaigns targeting organizations globally.

ALIASES:

Zola Ransomware

TAGS:

file_encryptionproton_familyextortioncybercriminal

[MUTEX_SIGNATURES](1)

[MUTEX_01]

4B991369-7C7C-47AA-A81E-EF6ED1F5E24C

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://www.acronis.com/en-gb/tru/posts/zola-ransomware-the-many-faces-of-the-proton-family/

https://www.loginsoft.com/post/zola-ransomware

https://cyberinsider.com/zola-ransomware-springs-to-action-as-latest-proton-variant/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:4

CATEGORY:RANSOMWARE

Malware profile loaded successfully