Pandora Ransomware

Malware Profile Updated 2 months ago
Pandora is a ransomware family that Secureworks Counter Threat Unit (CTU) researchers have linked to several other strains: LockFile, AtomSilo, Rook, and Night Sky. The link runs through HUI Loader, a loader known to stage Cobalt Strike Beacon. Analysis of the Beacon samples loaded by HUI Loader tied the loader to all five ransomware operations, and two updated HUI Loader samples, which may have been hosted on the same servers, were found to share code with Pandora ransomware, suggesting a common origin or shared development resources. Rook, Night Sky, and Pandora also show similarities to one another, further pointing to shared origins or tooling.

Pandora is believed to be an evolution of earlier ransomware attributed to Bronze Starlight, a China-based cyberespionage operation.

The profile also notes CatB, a newer ransomware strain analysed by SentinelOne (as summarised by CERT-EU): its dropper performs anti-analysis checks and then abuses the Microsoft Distributed Transaction Coordinator (MSDTC) service to load an oci.dll payload that carries the ransomware. The page draws no direct lineage between CatB and Pandora; CatB appears here as a further example of how these ransomware tools continue to evolve.
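As an added example (not code from the page, from SentinelOne or from Secureworks), the following Python script shows how a defender could hunt for the MSDTC oci.dll side-loading pattern described for CatB above: it parses constructed Sysmon-style image-load records (Event ID 7 exported as JSON lines) and reports every case where msdtc.exe loads oci.dll, noting whether the DLL is unsigned or signed by an untrusted party. The field names, the sample paths, and the premise that msdtc.exe does not load an oci.dll on a default Windows build are assumptions to validate against your own telemetry before alerting on them.

```python
"""
Hunt for the MSDTC / oci.dll side-loading pattern in image-load telemetry.

Added example, not code from the page, SentinelOne or Secureworks. It
assumes Sysmon Event ID 7 (ImageLoad) records exported as JSON lines with
the fields Image, ImageLoaded, Signed and Signature; the field names and
the sample records below are constructed for this example.
"""
import json
import ntpath  # Windows path handling regardless of the host OS
from dataclasses import dataclass

# Constructed sample telemetry (not real events). The second record is the
# pattern described for CatB: msdtc.exe loading an unsigned oci.dll.
SAMPLE_LOG = r"""
{"Image": "C:\\Windows\\System32\\msdtc.exe", "ImageLoaded": "C:\\Windows\\System32\\msdtc.dll", "Signed": "true", "Signature": "Microsoft Windows"}
{"Image": "C:\\Windows\\System32\\msdtc.exe", "ImageLoaded": "C:\\Windows\\System32\\oci.dll", "Signed": "false", "Signature": ""}
{"Image": "C:\\Oracle\\client\\bin\\sqlplus.exe", "ImageLoaded": "C:\\Oracle\\client\\bin\\oci.dll", "Signed": "true", "Signature": "Oracle Corporation"}
{"Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true", "Signature": "Microsoft Windows"}
"""

# DLL names treated as hijack targets when loaded by msdtc.exe. Only oci.dll
# is named on this page; extend the tuple if your own baseline shows MSDTC
# probing for other DLLs.
TARGET_DLLS = ("oci.dll",)


@dataclass
class Finding:
    process: str
    dll: str
    reason: str


def parse_events(text):
    """Parse JSON-lines telemetry into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt_msdtc_sideload(events, target_dlls=TARGET_DLLS,
                        trusted_signers=("Microsoft Windows",)):
    """Return a Finding for every image load in which msdtc.exe loads one of
    target_dlls. Every such load is reported; the signature check only adds
    detail, because even a signed oci.dll next to msdtc.exe is not something
    a default Windows install produces (assumption: validate against your
    own baseline before alerting)."""
    findings = []
    for ev in events:
        if ntpath.basename(ev.get("Image", "")).lower() != "msdtc.exe":
            continue
        loaded = ev.get("ImageLoaded", "")
        if ntpath.basename(loaded).lower() not in target_dlls:
            continue
        reasons = [f"msdtc.exe loaded {ntpath.basename(loaded)} "
                   f"from {ntpath.dirname(loaded)}"]
        if ev.get("Signed", "").lower() != "true":
            reasons.append("DLL is unsigned")
        elif ev.get("Signature") not in trusted_signers:
            reasons.append(f"DLL signer {ev.get('Signature')!r} is not trusted")
        findings.append(Finding(ev["Image"], loaded, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in hunt_msdtc_sideload(parse_events(SAMPLE_LOG)):
        print(f"[!] {f.process} -> {f.dll}: {f.reason}")
```

The Oracle client record is deliberately included: a legitimate oci.dll loaded by an Oracle tool is not reported, because the hunt keys on the loading process being msdtc.exe rather than on the DLL name alone, which keeps the rule quiet on hosts that genuinely run Oracle client software.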
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Atomsilo | 1 | AtomSilo is a type of malware that has been linked to several other ransomware families including LockFile, Rook, Night Sky, and Pandora. This connection was revealed through the analysis of Cobalt Strike Beacon samples loaded by HUI Loader. CTU analysis suggests that these five ransomware families
Rook | 1 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom
Night Sky | 1 | Night Sky is a type of malware that has been linked to various ransomware activities, including LockFile, AtomSilo, Rook, and Pandora. HUI Loader samples that load Cobalt Strike Beacon have been found to be associated with these ransomware activities. Analysis of the Cobalt Strike Beacon samples loa
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Payload
Loader
Dropper
Exploits
Associated Malware
ID | Type | Votes | Profile Description
Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is the post-exploitation implant of the commercial Cobalt Strike adversary-simulation framework, widely abused by threat actors as a command-and-control agent in intrusions that lead to data theft, disruption, and ransomware. Beacon has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an
LockFile | Unspecified | 1 | LockFile is a ransomware family linked, through HUI Loader and the Cobalt Strike Beacon samples it loads, to the same cluster of ransomware activity as AtomSilo, Rook, Night Sky, and Pandora. Analysis of the PlugX
Associated Threat Actors
ID | Type | Votes | Profile Description
Bronze Starlight | Unspecified | 1 | Bronze Starlight, a threat actor linked to China, has been implicated in a series of cyber-espionage activities and ransomware attacks. As reported by Secureworks, a Dell Technologies company, in 2022, Bronze Starlight targeted companies with ransomware, while also engaging in more clandestine activ
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b
Source Document References
Information about the Pandora Ransomware malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Secureworks | a year ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader
CERT-EU | a year ago | Novel CatB ransomware analyzed