Egregor
Description
(Malwarebytes) Egregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note.
As we’ve reported in the past, affiliates that were using Maze ransomware started moving over to Egregor even before the Maze gang officially announced they were calling it quits.
Names
| Name |
|---|
| Egregor |
Category
Malware
Type
- Ransomware
- Big Game Hunting
Information
- https://blog.malwarebytes.com/ransomware/2020/12/threat-profile-egregor-ransomware-is-making-a-name-for-itself/
- https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware
- https://securelist.com/targeted-ransomware-encrypting-data/99255/
- https://blog.minerva-labs.com/egregor-ransomware-an-in-depth-analysis
- https://www.trendmicro.com/en_us/research/20/l/egregor-ransomware-launches-string-of-high-profile-attacks-to-en.html
- https://www.ic3.gov/Media/News/2021/210108.pdf
- https://assets.sentinelone.com/labs/Egregor
- https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-007.pdf
- https://www.csoonline.com/article/3602148/egregor-ransomware-group-explained-and-how-to-defend-against-it.html
- https://www.group-ib.com/whitepapers/egregor-ransomware.html
- https://securityintelligence.com/posts/egregor-ransomware-negotiations-uncovered/
Mitre Attack
Malpedia
Alienvault Otx
Playbook
- https://pan-unit42.github.io/playbook_viewer/?pb=egregor-ransomware
- https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/
- https://www.emsisoft.com/ransomware-decryption-tools/maze-sekhmet-egregor
Other Information
Uuid
4e65ee26-1493-4c96-a38d-441224e8f833
Last Card Change
2022-12-30