Donex

Malware updated 2 months ago (2024-08-14T09:28:51.119Z)
DoNex is ransomware: malware that infiltrates systems, often without the user's knowledge, encrypts user data, and then demands a ransom for its decryption. DoNex was also found to operate a data leak site on TOR, listing at least five victims from Europe and North America. The ransom note dropped by the ransomware instructs victims to contact the threat actors via a TOR site, TOX chat, or email.

Research into DoNex uncovered a potential connection to another ransomware named DarkRace. DarkRace, which appeared in mid-2023, was found to have a ransom note and configuration file very similar to those of DoNex, suggesting a possible shared origin. However, it remains unclear whether the same developer or operators are behind both DoNex and DarkRace, as well as other ransomware groups such as Muse, Space Bears, Rabbit Hole, Qiulong, and Arcus Media.

In response to the threat posed by DoNex and its predecessors, Avast, a global leader in digital security products, released a decryptor tool. This tool allows users infected with DoNex or related ransomware to decrypt their files without paying the ransom. The release of this decryptor represents a significant step in combating the threat posed by these ransomware variants.
Description last updated: 2024-08-14T08:46:15.121Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Darkrace is a possible alias for Donex. DarkRace, a variant of malware known as ransomware, first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware employs a strategy of double extortion, not only encrypting the victim's files and demanding a ransom for their decryption, but also thre
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Vulnerability
Malware
Ransom
Encrypt
Encryption
Tool