Phorpiex - Downloader Delivering Ransomware
Essential information
- Published
- 29/01/2025 12:58
- Modified
- 29/01/2025 13:32
- Tags
- 2025-01-29 botnet downloader gandcrab lockbit phishing phorpiex ransomware twizt
- Related entities
- 13 observables, 1 intrusion sets (apt), 2 malware, 14 others
Description
The report analyzes the Phorpiex botnet's role in delivering LockBit Black Ransomware. It highlights the automated execution of ransomware through Phorpiex, minimal changes to the botnet's code since its source code sale in 2021, and direct deployment of LockBit without network expansion. The analysis covers the infection flow, phishing emails, and technical details of different Phorpiex variants. Key features include URL cache deletion, library obfuscation, indicator removal, and persistence mechanisms. The report also provides a comparative analysis of LockBit, GandCrab, and TWIZT downloader variants, along with IOCs and MITRE ATT&CK mapping.