Ryuk
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 13/05/2020 22:14
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 50 attack patterns (mitre), 3 intrusion sets (apt), 9 sectors, 7 countries, 97 indicators, 4 vulnerabilities (cve)
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (50)
-
T1497 usesVirtualization/Sandbox Evasion MITRE
-
T1070 usesIndicator Removal MITRE
-
T1205 usesTraffic Signaling MITRE
-
T1195 usesSupply Chain Compromise MITRE
-
T1106 usesNative API MITRE
-
T1036 usesMasquerading MITRE
-
T1489 usesService Stop MITRE
-
T1562.001 usesDisable or Modify Tools MITRE
-
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1102 usesWeb Service MITRE
-
T1566 usesPhishing MITRE
Intrusion sets (APT) (3)
-
DPRK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (9)
-
Manufacturing targets
-
High-tech targets
-
Public Health targets
-
Government targets
-
Chemical targets
-
Education targets
-
Healthcare targets
-
Retail targets
-
Human Services targets
Countries (7)
-
Korea, Republic of targets
-
Italy targets
-
Brazil targets
-
Germany targets
-
United States of America targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Canada targets
Indicators (97)
-
stix 100/100 Revoked
Stonefly
· Valid until 22/06/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
http://servx278x.xyz:4044indicatesstix 100/100 Revoked· Valid until 29/05/2022 · Source: AlienVault -
http://31.44.185.11:4001indicatesstix 100/100 Revoked· Valid until 29/05/2022 · Source: AlienVault -
stix 100/100
SHA256 of 70652edadedbacfd30d33a826853467d
· Valid until 01/09/2026 · Source: AlienVault -
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/03/2024 · Source: AlienVault
-
stix 100/100 Revoked
SHA256 of 87a6bda486554ab16c82bdfb12452e8b
· Valid until 22/06/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
http://128.31.0.34:9131indicatesstix 100/100 Revoked· Valid until 29/05/2022 · Source: AlienVault
Vulnerabilities (CVE) (4)
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
- Published
- 28/01/2022
- Modified
- 20/12/2025
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published
- 03/11/2021
- Modified
- 20/12/2025
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
- Attack vector
- Network
- Published
- 10/02/2023
- Modified
- 20/12/2025