Key Group uses leaked builders of ransomware and wipers
Published 02/10/2024 08:51 · Modified 02/10/2024 10:52
Essential information
- Published: 02/10/2024 08:51
- Modified: 02/10/2024 10:52
- Tags: 2024-10-02, annabelle, chaos, hakuna matata, judge/nocry, leaked builders, multi-stage loaders, njrat, persistence, phishing, ransomware, ruransom, russian-speaking, slam, telegram, ux-cryptor, wiper, xorist
- Related entities: 24 observables, 1 intrusion sets (apt), 17 techniques (mitre), 12 malware, 1 others
Description
Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group has been active since 2022, using various leaked ransomware builders and wipers, including Xorist, Chaos, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. They distribute their malware through phishing emails and GitHub repositories, often using multi-stage loaders. Key Group employs various persistence methods and primarily communicates with victims via Telegram. The group is suspected to be a subsidiary project of the Russian-speaking 'huis' group, known for conducting spam raids on Telegram channels. Key Group's use of publicly available ransomware builders highlights a growing trend among cybercriminal groups.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (24)
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 06:45 · Modified 21/12/2025 06:45
Techniques (MITRE) (17)
- Disable or Modify System Firewall
- Dead Drop Resolver
- Windows Service
- Inhibit System Recovery
- Boot or Logon Initialization Scripts
- Software Packing
- PowerShell
- Registry Run Keys / Startup Folder
- File Deletion
- Disable or Modify Tools
- Data Encrypted for Impact
- User Execution
- Deobfuscate/Decode Files or Information
- Obfuscated Files or Information
- Scheduled Task/Job
- Modify Registry
- Phishing
Malware (12)
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 21:56 · Modified 20/12/2025 21:56
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- Family · Published 02/10/2024 08:51 · Modified 02/10/2024 08:51
- Family · Published 09/10/2025 03:41 · Modified 09/10/2025 03:41
- Family · Published 16/09/2025 13:41 · Modified 16/09/2025 13:41
- Family · Published 16/09/2025 13:41 · Modified 16/09/2025 13:41
- Family · Published 16/09/2025 13:41 · Modified 16/09/2025 13:41
- Family · Published 16/09/2025 13:41 · Modified 16/09/2025 13:41
Others (1)
- Russian Federation