Yanluowang Ransomware Group’s Internal Communications Leaked by Russian Threat Actors – An Analysis

The Yanluowang ransomware group has recently had its internal communications leaked online, prompting various researchers to look into and analyze them. The breach of the gang’s internal communications happened courtesy of Russian threat actors, who also defaced the group’s front page and left a message there.

Those behind the leak have also released source code, namely the ransomware’s decryption tool and the builder.
Sample screenshots include:

The recent communication leaks are similar to the Conti leaks, which I extensively data mined and profiled here.
Related actionable intelligence on the C&C server infrastructure:
hxxp://mtololo.com – 81.19.72.59
hxxp://matrix.mtololo.com – 62.113.100.124
Related domains known to have been involved in the campaign:
hxxp://api.views-24.ru
hxxp://lohicageeg.beget.app
hxxp://fr124.aha.ru
hxxp://aktiver-id.fun
hxxp://aktiver-bankid.website
hxxp://matrix.mtololo.com
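To turn the indicators above into something a SOC can run, here is an added example (not code from the original post) that refangs the defanged "hxxp://" entries, separates the C&C hostnames from their resolved IPs, and sweeps DNS and proxy log lines for hits. The log lines, the internal client addresses and the benign 93.184.216.34 destination are constructed for the demo; only the hostnames and IPs in the indicator lists come from the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators exactly as published above (defanged with "hxxp").
# In the C&C list, the dash separates a hostname from its resolved IP.
C2_INFRASTRUCTURE = [
    "hxxp://mtololo.com – 81.19.72.59",
    "hxxp://matrix.mtololo.com – 62.113.100.124",
]
RELATED_DOMAINS = [
    "hxxp://api.views-24.ru",
    "hxxp://lohicageeg.beget.app",
    "hxxp://fr124.aha.ru",
    "hxxp://aktiver-id.fun",
    "hxxp://aktiver-bankid.website",
    "hxxp://matrix.mtololo.com",
]

# Constructed sample log lines (not from the post): two DNS queries and
# one proxy connection touch the listed infrastructure, the rest are benign.
SAMPLE_LOGS = [
    "2022-11-02T09:14:07Z dns client=10.10.4.21 query=matrix.mtololo.com type=A",
    "2022-11-02T09:14:08Z proxy client=10.10.4.21 dst=62.113.100.124:443 action=allow",
    "2022-11-02T09:20:33Z dns client=10.10.4.30 query=www.example.com type=A",
    "2022-11-02T09:21:10Z proxy client=10.10.4.30 dst=93.184.216.34:443 action=allow",
    "2022-11-02T09:25:51Z dns client=10.10.7.12 query=cdn.aktiver-bankid.website type=A",
]

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """Undo common defanging ("hxxp://", "[.]") so the URL parses normally."""
    return indicator.strip().replace("hxxp", "http").replace("[.]", ".")


def parse_indicators(entries):
    """Split lines shaped like 'hxxp://host – 1.2.3.4' into domain and IP sets."""
    domains, ips = set(), set()
    for entry in entries:
        parts = re.split(r"\s+[–-]\s+", entry, maxsplit=1)
        host = urlsplit(refang(parts[0])).hostname
        if host:
            domains.add(host.lower())
        if len(parts) == 2:
            try:
                ips.add(str(ipaddress.ip_address(parts[1].strip())))
            except ValueError:
                pass  # ignore anything after the dash that is not an address
    return domains, ips


def match_domain(candidate: str, domains) -> bool:
    """True if candidate equals a listed host or is a subdomain of one.

    Matching is anchored on the listed hostnames only: lohicageeg.beget.app
    matches, but the shared hosting apex beget.app does not.
    """
    candidate = candidate.lower().rstrip(".")
    return any(candidate == d or candidate.endswith("." + d) for d in domains)


def scan_logs(lines, domains, ips):
    """Return (line, [matched indicators]) for every log line that hits."""
    hits = []
    for line in lines:
        matched = set()
        for host in HOST_RE.findall(line):
            if match_domain(host, domains):
                matched.add(host.lower())
        for ip in IPV4_RE.findall(line):
            if ip in ips:
                matched.add(ip)
        if matched:
            hits.append((line, sorted(matched)))
    return hits


if __name__ == "__main__":
    domains, ips = parse_indicators(C2_INFRASTRUCTURE + RELATED_DOMAINS)
    for line, matched in scan_logs(SAMPLE_LOGS, domains, ips):
        print(f"HIT {matched}: {line}")
```

Subdomains of a listed host are matched (the DNS query for cdn.aktiver-bankid.website is flagged), but the apex of a shared hosting provider such as beget.app or aha.ru is deliberately not, since blocking those would hit unrelated tenants. Swap SAMPLE_LOGS for a real DNS or proxy export to use it in practice.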

Stay tuned!
