Mastodawn

📢 Analyse technique complète du ransomware Payload : dérivé de Babuk, Curve25519+ChaCha20, 12 victimes
📝 *Analyse statique complète du ransomware Payload, dérivé du code source Babuk 2021, utilisant Curve25519+ChaCha...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-21-analyse-technique-complete-du-ransomware-payload-derive-de-babuk-curve25519-chacha20-12-victimes/
🌐 source : https://www.derp.ca/research/payload-ransomware-babuk-derivative/
#Babuk #ChaCha20 #Cyberveille

Analyse technique complète du ransomware Payload : dérivé de Babuk, Curve25519+ChaCha20, 12 victimes

Analyse statique complète du ransomware Payload, dérivé du code source Babuk 2021, utilisant Curve25519+ChaCha20, ciblant Windows et ESXi avec 12 victimes et 2 603 Go exfiltrés.

CyberVeille

CyberVeille.ch Nov 8, 2025

📢 Midnight, héritier de Babuk : analyse technique et guide de déchiffrement
📝 Selon un billet de blog technique publié le 8 novembre 2025, l’article explore en profondeur la souche de rançongiciel « Midnight ».
📖 cyberveille : https://cyberveille.ch/posts/2025-11-08-midnight-heritier-de-babuk-analyse-technique-et-guide-de-dechiffrement/
🌐 source : https://www.gendigital.com/blog/insights/research/midnight-ransomware
#Babuk #IOC #Cyberveille

Midnight, héritier de Babuk : analyse technique et guide de déchiffrement

Selon un billet de blog technique publié le 8 novembre 2025, l’article explore en profondeur la souche de rançongiciel « Midnight ». L’analyse détaille la « généalogie » de Midnight à partir de Babuk, en décrivant son anatomie technique et ses caractéristiques clés. Elle met l’accent sur les indicateurs critiques d’infection (IOCs) permettant d’identifier une compromission. L’élément central de la publication est un guide pratique de déchiffrement destiné aux victimes, offrant une opportunité rare de récupérer les données sans verser de rançon. 🔐

CyberVeille

TechNadu Oct 14, 2025

🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.

Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.

The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.

💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?

Full Details:
https://www.technadu.com/qantas-customer-data-was-published-after-the-july-cyber-breach-impacting-5-million-people/611263/

Follow TechNadu for more cutting-edge cyber threat intelligence.

#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness

TechNadu Oct 11, 2025

🚨 Velociraptor DFIR exploited in LockBit ransomware attacks.

Huntress and Cisco Talos link Storm-2603 to a new campaign abusing outdated Velociraptor builds for privilege escalation, lateral movement, and ransomware deployment.

The crew reportedly used SharePoint exploits (ToolShell) and domain admin creation before dropping LockBit, Warlock, and Babuk payloads.

💬 Are open-source DFIR tools the next frontier for living-off-the-land tactics?

Follow @technadu for more cutting-edge cyber threat intelligence.

#CyberSecurity #DFIR #Velociraptor #Ransomware #LockBit #Warlock #Babuk #ThreatIntel #Storm2603 #Infosec #IncidentResponse #ThreatHunting #TechNadu #CyberAwareness

The DefendOps Diaries Oct 9, 2025

They’re turning the tables—hackers are hijacking Velociraptor (a tool meant to catch them) to launch sneaky ransomware and double-extortion attacks. Just when you thought defenders had it all figured out, the game has changed.

https://thedefendopsdiaries.com/attackers-weaponize-velociraptor-dfir-tool-in-ransomware-campaigns/

#velociraptor
#ransomware
#dfir
#cve20256264
#cybersecurity
#threatactors
#doubleextortion
#infosec
#lockbit
#babuk

Attackers Weaponize Velociraptor DFIR Tool in Ransomware Campaigns

Attackers exploit a Velociraptor DFIR vulnerability to deploy ransomware, evade detection, and use double-extortion tactics in recent campaigns.

The DefendOps Diaries

amvinfe Apr 6, 2025

HellCat strongly defended the authorship of the attacks, avoiding any ambiguity in credit distribution among its members.
"Am I supposed to prove my attacks? If so, just wait for the deadline to end and download the data—nothing more. We already have a profile."

https://www.suspectfile.com/hellcat-rey-and-grep-internal-dynamics-and-conflicting-claims-in-the-orange-and-highwire-press-cases/

#HellCat #Rey #Babuk #Orange #Infosec #Data_Breach #Ransomware #Lies

Show thread

teufelswerk Apr 4, 2025

Auf ihrer Darknet-Website gab die Babuk-Ransomware-Gruppe bekannt, dass sie angeblich rund 750 GB Daten sowie E-Mail-Zugangsdaten von #Rheinmetall Defence gestohlen hat. Insgesamt soll es sich dabei um 1400 Dateien handeln. Zu den gestohlenen Daten zählen laut #Babuk Militärverträge, E-Mails, Geschäftstransaktionen des Unternehmens, Details und Bilder von Produkten sowie viele weitere Informationen.

Weitere Infos und Screenshots gibt es hier:
https://teufelswerk.net/die-babuk-ransomware-gruppe-hat-heute-im-darknet-bekanntgegeben-dass-sie-rheinmetall-defence-gehackt-hat/

Die Babuk Ransomware Gruppe gab heute im Darknet bekannt, dass sie Rheinmetall Defence gehackt hat

Rheinmetall Opfer eines Ransomware-Angriffs? Die Babuk Ransomware Gruppe (babuk-bjorka) hat heute auf ihrer Website im Darknet bekanntgegeben, dass

teufelswerk | IT-Sicherheit & Cybersecurity

teufelswerk Apr 4, 2025

Die Babuk Ransomware Gruppe (babuk-bjorka) hat heute auf ihrer Website im Darknet bekanntgegeben, dass sie Rheinmetall Defence (rheinmetall.com) gehackt hat.

#babuk #babukbjorka #ransomware #ransom #rheinmetall #gehackt #hack #hacker #rheinmetalldefence #cybersecurity #itsicherheit #leaksdata #datenschutz #militar