NoEscape

Malware updated 22 days ago (2024-11-29T13:53:57.967Z)
Download STIX
Preview STIX
NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023, NoEscape orchestrated a major data breach against the French basketball team ASVEL. In the last quarter of 2023, the Talos Incident Response team reported their first encounters with NoEscape, along with Play, Cactus, and BlackSuit ransomware, noting a 17% rise in ransomware incidents during this period. The malware has been linked to other ransomware strains like Rhombus, as revealed by static analysis of the Hadooken binary and Aqua's malware study. However, dynamic analyses showed no active use of these links during attacks. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified an Iranian group, Fox Kitten, as providing initial access to compromised networks to operators of ransomware strains such as ALPHV (or BlackCat), Ransomhouse, and NoEscape, in return for a cut of any ransom collected. In December 2023, following the FBI’s announcement of a disruption campaign against the ALPHV ransomware, the LockBit ransomware group made a public call on a Russian-speaking dark web forum to recruit ALPHV (BlackCat) and NoEscape ransomware affiliates, including any ALPHV developers. This move indicates a potential shift in the landscape of cyber threats, with established groups seeking to consolidate power and resources in the face of increased law enforcement actions.
Description last updated: 2024-10-17T12:09:06.112Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Alphv is a possible alias for NoEscape. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p
6
Avaddon is a possible alias for NoEscape. Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
5
Rhombus is a possible alias for NoEscape.
2
Ransomhouse is a possible alias for NoEscape. RansomHouse is a malicious software (malware) that has been active since 2021 and describes itself as a “professional mediators community” targeting organizations with lax attitudes towards customer data privacy and security. The malware infects systems through suspicious downloads, emails, or websi
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Encryption
Malware
Extortion
Ddos
Exploit
Healthcare
Esxi
Windows
RaaS
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with NoEscape. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
4
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Fox Kitten Threat Actor is associated with NoEscape. Fox Kitten, an Iran-based cyber espionage group active since at least 2017, has been a significant threat actor in the cybersecurity landscape. This group primarily targets VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure for initial access into networks. The FBI identified FoUnspecified
2
Source Document References
Information about the NoEscape Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
3 months ago
DARKReading
3 months ago
DARKReading
4 months ago
InfoSecurity-magazine
4 months ago
CISA
4 months ago
ESET
9 months ago
CERT-EU
9 months ago
Trend Micro
10 months ago
Unit42
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Malwarebytes
a year ago