Atomsilo

Malware Profile Updated 3 months ago
AtomSilo is a ransomware family that has been linked to several other ransomware families: LockFile, Rook, Night Sky, and Pandora. The connection was revealed through analysis of Cobalt Strike Beacon samples loaded by HUI Loader. CTU analysis suggests that these five ransomware families were developed from two distinct codebases: one for LockFile and AtomSilo, and another for Rook, Night Sky, and Pandora.

AtomSilo has been implicated in significant attacks, including the compromise of the pharmaceutical company Eisai in December 2021. The operational patterns of these ransomware families do not align with typical financially motivated cybercrime. A third-party report attributes the activity of LockFile, AtomSilo, Rook, and Night Sky to the Chinese threat group DEV-0401, suggesting that the attacks may be state-sponsored. Other reports note overlapping TTPs (tactics, techniques, and procedures) between LockFile and AtomSilo intrusions, further linking the two families. As of mid-April, a total of 21 victims had been listed across the AtomSilo, Rook, Night Sky, and Pandora leak sites.

A decryptor for AtomSilo and LockFile was released in October 2021, allowing victims to recover files encrypted by these families. This may have prompted the threat actors to create a new ransomware family based on Babuk's source code; however, they appear to have limited its use to brief, targeted deployments, likely to avoid detection by security researchers. The order in which these families first appeared, starting in mid-2021, suggests that the threat actors developed LockFile and AtomSilo first and then moved on to Rook, Night Sky, and Pandora.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Lockfile | 1 | LockFile is a type of malicious software, or malware, that has been linked to ransomware activity. This harmful program can infiltrate your system via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold your data for ransom. Analysis of the PlugX
Night Sky | 1 | Night Sky is a potent form of malware that has been linked to several significant ransomware activities, including LockFile, AtomSilo, Rook, and Pandora. Analysis of the Cobalt Strike Beacon samples loaded by HUI Loader has revealed a connection between AtomSilo, Night Sky, and Pandora ransomware, s
Babuk | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Rook | 1 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom
Pandora Ransomware | 1 | Pandora ransomware is a type of malware that has been connected to several other malicious software strains, including AtomSilo, Night Sky, and Rook. Researchers from CTU identified code overlap between the updated HUI Loader samples and Pandora ransomware, suggesting a common origin or shared devel
Miscellaneous Associations
Other contextual elements that may help in assessing relevance
Ransomware
Loader
Ransom
Cybercrime
Extortion
Associated Malware
ID | Type | Votes | Profile Description
Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an
Associated Threat Actors
ID | Type | Votes | Profile Description
Blackmatter | Unspecified | 1 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention
Bronze Starlight | Unspecified | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b
Source Document References
Information about the AtomSilo malware was drawn from the documents listed below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | Ransomware attack impacts Eisai
Secureworks | a year ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader
CERT-EU | a year ago | 200+ Free Ransomware Decryption Tools You Need [2022 List]