APT / THREAT GROUP | 💰 FINANCIAL

risen

Aliases: 1

Intelligence Profile

Risen, which is a fully optimized and high-speed program, is the result of our years of experience in the field of malware writing. Risen is written in the C language and completely using WinAPI. We produced many products with different features and options, but we came to the conclusion that none of the options have the benefit and efficiency they should; so, instead of spending time on useless and inefficient options, we decided to spend all our time on the strength, speed and security of our cryptography, and that's how we created Risen.

Software features in version 1:

- Encryption security, utilizing ChaCha20 and RSA 2048 algorithms.
- High encryption speed and software optimization.
- Compatible with all versions of Windows on any hardware without any issues.
- Automatic option settings; it's easy to use and the default configuration is set to the best mode.
- Utilization of Threadpool method and queue creation for encryption.
- A powerful file unlocker, unlock files without closing processes.
- Safe deletion of backups, shadow copies, and all Windows logs.
- A blog, leak website, and management panel on TOR for leaking data of non-paying companies.

Threat Analysis

risen is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations with a primarily financial motivation.

Financially motivated threat actors like risen prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Aliases: 1

Also Known As

risen

DLS Infrastructure

○ OFFLINE: s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion
○ OFFLINE: o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion
○ OFFLINE: cqqzfmdd2fwshfyic6srf3fxjjigiipqdygosk6sdifstrbtxnm5bead.onion

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.