216.73.216.133

Beast Ransomware Toolkit: A Proactive Threat Intelligence Report

· Published 20/03/2026 08:12 · Modified 20/03/2026 08:46

Export JSON

Essential information

Published
20/03/2026 08:12
Modified
20/03/2026 08:46
Tags
2026-03-20 beast encryption exfiltration lateral movement monster raas ransomware reconnaissance toolkit
Related entities
7 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 malware

Description

This analysis delves into the , a -as-a-Service () that emerged in June 2024 as a successor to . The investigation focuses on a server detected in March 2026, revealing the operators' and attack methodology. The includes various tools for , network mapping, credential theft, persistence, , , and impact. Notable findings include the presence of both Windows and Linux versions of , indicating targeting of workstations and Linux servers on VMware ESXi hypervisors. The report highlights the importance of proactive collection of internet telemetry in identifying operators' toolkits before they can be used against targets.

External references