Ragnarok
According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.
Victims
3
First Discovered
2021-03-31
victim
Last Discovered
2021-12-30
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
N/A
victims with domain
Countries
0
hit
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
No | 2026-04-28T07:28:15 |
wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
|
||||
|
Decrypt Site | No | 2026-04-28T07:25:43 |
sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion
|
Target
Top 5 Activity Sectors
- Financial Services 1
- Technology 1
- Consumer Services 1
Top 5 Countries
Heatmap
Ransom Notes (2)
YARA Rules (1)
Indicators of Compromise (IoCs) (5)
Email
5
| Type | IOC |
|---|---|
Email
|
asgardmaster5@protonmail.com
|
Email
|
christian1986@tutanota.com
|
Email
|
j.jasonm@yandex.com
|
Email
|
melling@confidential.tips
|
Email
|
ragnar0k@ctemplar.com
|
Victims (3)
