{
  "name": "THREAT ANALYSIS: Beast Ransomware",
  "slug": "threat-analysis-beast-ransomware",
  "description": "The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including Elliptic-curve and ChaCha20, and features multithreaded file encryption, process termination, shadow copy deletion, and subnet scanning. The ransomware avoids encrypting data in CIS countries and uses SMB scans for self-propagation. It targets various file formats and creates a unique mutex to prevent multiple instances. The Cybereason Defense Platform offers advanced detection and prevention features against Beast Ransomware.",
  "published": "2024-10-19T12:59:03+00:00",
  "created_at": "2024-10-19T12:59:03+00:00",
  "modified_at": "2024-10-21T07:53:33+00:00",
  "created_at_opencti": "2024-10-19T12:59:03+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-10-19",
    "beast ransomware",
    "encryption",
    "esxi",
    "file-targeting",
    "geofencing",
    "linux",
    "monster",
    "multithreading",
    "raas",
    "self-propagation",
    "windows"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:1a23b4b25fb7a2e9",
        "name": "Beast Ransomware",
        "slug": "beast-ransomware"
      },
      {
        "id": "legacy:malware:0e818bfa0679df30",
        "name": "Monster",
        "slug": "monster"
      }
    ],
    "intrusion_sets": [
      {
        "id": "26bc10ae-016a-4ea7-a6be-5ed94b905253",
        "name": "Beast Ransomware",
        "slug": "beast-ransomware"
      }
    ],
    "attack_patterns": [
      {
        "id": "894026fa-e537-4b95-b612-7dd8bc367a0d",
        "name": "T1078.001"
      },
      {
        "id": "5d2af906-6187-4702-ab9f-590fbe5b1ca3",
        "name": "T1021.002"
      },
      {
        "id": "985513c3-6e7b-441f-87f7-7923e1758e9c",
        "name": "T1078.002"
      },
      {
        "id": "b15c00da-c412-4429-900c-659de612baf5",
        "name": "T1543.003"
      },
      {
        "id": "d5c953ff-b143-41b6-bf2d-87b829132ea5",
        "name": "T1135"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "436e795b-553f-444e-b837-65818d8f539f",
        "name": "T1119"
      },
      {
        "id": "d9f271ed-7685-4362-b90d-f16a14102f39",
        "name": "T1489"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Moldova, Republic of"
      },
      {
        "id": "",
        "name": "Belarus"
      },
      {
        "id": "",
        "name": "Russian Federation"
      }
    ]
  },
  "external_refs": [
    "https://www.cybereason.com/blog/threat-analysis-beast-ransomware",
    "https://otx.alienvault.com/pulse/6713c93713a36a29fcaaf688"
  ]
}