{
  "name": "Deep Dive Into Allegedly AI-Generated FunkSec Ransomware",
  "slug": "deep-dive-into-allegedly-ai-generated-funksec-ransomware",
  "description": "A new Rust-based ransomware called FunkSec has emerged, and artificial intelligence is claimed to have been used in its development. First appearing in 2024, it demonstrates a mix of sophisticated capabilities and developmental inconsistencies. FunkSec implements advanced features like XChaCha20 encryption and comprehensive anti-VM techniques, but also shows peculiarities such as a dependency on downloading a specific wallpaper image. The malware disables Windows security features, establishes persistence via scheduled tasks, and targets multiple file extensions. It employs various evasion techniques, including disabling event logging and real-time protection. The ransomware's execution reveals technical anomalies, suggesting it may still be in development and could evolve further.",
  "published": "2025-03-04T02:59:21+00:00",
  "created_at": "2025-03-04T02:59:21+00:00",
  "modified_at": "2025-03-04T08:31:38+00:00",
  "created_at_opencti": "2025-03-04T02:59:21+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-03-04",
    "ai-generated",
    "anti-vm",
    "evasion techniques",
    "funksec",
    "persistence",
    "ransomware"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "00acf5d0db7ef50140dae7a3482d9db80704ec98670bd1607e76c99382a4888c"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:327b6b2f642913e6",
        "name": "FunkSec",
        "slug": "funksec"
      }
    ],
    "attack_patterns": [
      {
        "id": "0eb00217-8dfd-425c-a6f0-bcf0c3120e7f",
        "name": "T1471"
      }
    ]
  },
  "external_refs": [
    "https://hybrid-analysis.blogspot.com/2025/03/hybrid-analysis-deep-dive-into.html",
    "https://otx.alienvault.com/pulse/67c67a99dcb8de1ac783f5e7"
  ]
}