Yashma Ransomware, Tracing the Chaos Family Tree.
It’s not often that we get to observe the behind-the-scenes drama that can accompany the creation of new malware, but when we do, it gives us a fascinating glimpse into how threat actors operate. One such glimpse, stemming from an online exchange between a ransomware perpetrator and a victim, gave us new insights into the origins of Chaos malware, revealing a twisted family tree that links it to both Onyx and Yashma ransomware variants.
The clues surfaced during a discussion between a recent victim and the threat group behind Onyx, taking place on the threat actor’s leak site. Someone claiming to be the creator of the Chaos ransomware builder’s kit joined the conversation, and revealed that Onyx was constructed from the author’s own Chaos v4.0 Ransomware Builder.
https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree
@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
