Ryuk
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 13/05/2020 22:14
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 50 attack patterns (mitre), 3 intrusion sets (apt), 9 sectors, 7 countries, 97 indicators, 4 vulnerabilities (cve)
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (50)
Intrusion sets (APT) (3)
-
DPRK usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally known for the creation and deployment of [TrickBot](https://attack.mitre.org/software/S0266) since at least 2016. [Wizard Spider](https://attack.mitre.org/groups/G0102) possesses a diverse arsenal…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (9)
-
Manufacturing targets
-
High-tech targets
-
Public Health targets
-
Government targets
-
Chemical targets
-
Education targets
-
Healthcare targets
-
Retail targets
-
Human Services targets
Countries (7)
-
Korea, Republic of targets
-
Italy targets
-
Brazil targets
-
Germany targets
-
United States of America targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Canada targets
Indicators (97)
-
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
stix 100/100 Revoked
Nrv2x SHA256 of 8e3a80163ebba090c69ecdeec8860c8b
· Valid until 16/07/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 12/08/2024 · Source: AlienVault
-
http://db2.pushsecs.info:40690indicatesstix 100/100 Revoked· Valid until 29/05/2022 · Source: AlienVault -
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
stix 100/100 Revoked
TrojanDownloader.Agent
· Valid until 28/10/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 02/10/2023 · Source: AlienVault
Vulnerabilities (CVE) (4)
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
- Published
- 28/01/2022
- Modified
- 20/12/2025
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation …
- Published
- 03/11/2021
- Modified
- 20/12/2025
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
- Attack vector
- Network
- Published
- 10/02/2023
- Modified
- 20/12/2025