Yanluowang Defunct

Targeted large enterprises. Internal chats leaked. Named after Chinese deity.
PDF Report Back to Groups
0
Total Victims
2021-10-01
First Seen
N/A
Last Seen
11
Known TTPs
10.9d
Avg Delay
0
Negotiations
ONION URLS
jukswsxbh3jsxuddvidrjdvwuohtsy4kxg2axbppiyclomt2qciyfoad.onion
TOOLS
BazarLoader Cobalt Strike
FILE EXTENSIONS
.yanluowang
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1071.001 Web Protocols Command and Control
T1055 Process Injection Defense Evasion
T1018 Remote System Discovery Discovery
T1135 Network Share Discovery Discovery
T1047 Windows Management Instrumentation Execution
T1204.001 Malicious Link Execution
T1490 Inhibit System Recovery Impact
T1078 Valid Accounts Initial Access
T1189 Drive-by Compromise Initial Access
T1021.004 SSH Lateral Movement
T1547.001 Registry Run Keys Persistence

No YARA rules

No IoCs

No ransom notes