Prometheus
Description
Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.
| External Analysis |
| https://therecord.media/decryptor-released-for-prometheus-ransomware-victims |
| https://unit42.paloaltonetworks.com/prometheus-ransomwar |
| https://id-ransomware.blogspot.com/2021/05/prometheus-ransomware.html |
| https://medium.com/cycraft/prometheus-decryptor-6933e7bac1ea |
| https://medium.com/cycraft/the-road-to-ransomware-resilience-c1ca37036efd |
| https://medium.com/s2wlab/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd |
| https://securityintelligence.com/posts/ransomware-encryption-goes-wrong/ |
| https://therecord.media/decryptor-released-for-prometheus-ransomware-victims/ |
| https://twitter.com/inversecos/status/1441252744258461699?s=20 |
| https://unit42.paloaltonetworks.com/prometheus-ransomware/ |
| https://www.cybereason.com/blog/cybereason-vs.-prometheus-ransomware |
| https://www.sentinelone.com/labs/spook-ransomware-prometheus-derivative-names-those-that-pay-shames-those-that-dont/ |
| Urls |
Screen |
| http://promethw27cbrcot.onion/blog/ |
|