{"id":21172,"date":"2023-11-16T15:16:35","date_gmt":"2023-11-16T14:16:35","guid":{"rendered":"https:\/\/www.defencetech.it\/?p=21172"},"modified":"2025-06-10T10:04:47","modified_gmt":"2025-06-10T08:04:47","slug":"malware-analysis-report-chaos-ransomware","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/malware-analysis-report-chaos-ransomware\/","title":{"rendered":"Malware Analysis Report - Chaos Ransomware"},"content":{"rendered":"<p>In recent times, the activity of a type of malware known as <strong>Chaos<\/strong> <strong>Ransomware<\/strong> seems to have become more threatening again. This ransomware has been active since at least June 2021 and, since then, six different versions have appeared (the latest is called 'Yashma').\u00a0<\/p>\r\n\r\n\r\n\r\n<p>Each of these versions originates from a dedicated tool for creating ransomware executables with customised settings. This allows numerous variants to spread, all based on this 'builder' developed in .NET.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>With each new version of this tool, it becomes possible to customise increasingly powerful and complex ransomware. To counter the development of this family (and to raise awareness of it), we decided to analyse the '<strong>Mad Cat<\/strong>' variant, which was submitted to Hatching Triage's public sandbox on 24 October 2023. 
The report also provides a brief overview of the differences between all versions of the 'Chaos Ransomware' family.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>If you wish to learn more, here is the link to our <a href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Report-Chaos-Ransomware-Mad-Cat-variant.pdf\"><strong>full report<\/strong><\/a>.\u00a0<\/p>\r\n\r\n\r\n\r\n<p><span data-contrast=\"none\">In addition, you can subscribe to the dedicated mailing list <b>Cyber Studios by Tinexta Defence<\/b> to receive updates on upcoming research: <\/span><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>In recent times, the activity of a type of malware known as Chaos Ransomware seems to have become more threatening again. This ransomware has been active since at least June 2021 and, since then, six different versions have appeared (the latest is called &#8220;Yashma&#8221;).\u00a0 Each of these versions comes from a dedicated tool for creating ransomware executables [&hellip;]<\/p>","protected":false},"author":2,"featured_media":26257,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[110],"class_list":["post-21172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness","tag-articoli"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Analysis Report\u00a0- Chaos Ransomware - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/tinextadefence.it\/en\/malware-analysis-report-chaos-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malware Analysis Report\u00a0- Chaos Ransomware - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Negli ultimi tempi, sembra essere tornata pi\u00f9 minacciosa l&#8217;azione di una tipologia di malware, nota con il nome di Chaos Ransomware. Questo ransomware \u00e8 attivo almeno dal giugno 2021 e, da allora, ne sono comparse sei differenti versioni (l&#8217;ultima si chiama &#8220;Yashma&#8221;).\u00a0 Ognuna di queste versioni proviene da uno strumento apposito per creare eseguibili ransomware [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/malware-analysis-report-chaos-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-16T14:16:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:04:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Simone Sorte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Simone Sorte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/\"},\"author\":{\"name\":\"Simone Sorte\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\"},\"headline\":\"Malware Analysis Report\u00a0&#8211; Chaos Ransomware\",\"datePublished\":\"2023-11-16T14:16:35+00:00\",\"dateModified\":\"2025-06-10T08:04:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/\"},\"wordCount\":184,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"keywords\":[\"Articoli\"],\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/\",\"url\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/\",\"name\":\"Malware Analysis Report\u00a0- Chaos Ransomware - Tinexta 
Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"datePublished\":\"2023-11-16T14:16:35+00:00\",\"dateModified\":\"2025-06-10T08:04:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"width\":1200,\"height\":640,\"caption\":\"Immagine in evidenza astratta per gli articoli di Tinexta Defence\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware Analysis Report\u00a0&#8211; Chaos Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect 
now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\",\"name\":\"Simone Sorte\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"caption\":\"Simone Sorte\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Malware Analysis Report - Chaos Ransomware - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/malware-analysis-report-chaos-ransomware\/","og_locale":"en_GB","og_type":"article","og_title":"Malware Analysis Report\u00a0- Chaos Ransomware - Tinexta Defence","og_description":"Negli ultimi tempi, sembra essere tornata pi\u00f9 minacciosa l&#8217;azione di una tipologia di malware, nota con il nome di Chaos Ransomware. Questo ransomware \u00e8 attivo almeno dal giugno 2021 e, da allora, ne sono comparse sei differenti versioni (l&#8217;ultima si chiama &#8220;Yashma&#8221;).\u00a0 Ognuna di queste versioni proviene da uno strumento apposito per creare eseguibili ransomware [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/malware-analysis-report-chaos-ransomware\/","og_site_name":"Tinexta Defence","article_published_time":"2023-11-16T14:16:35+00:00","article_modified_time":"2025-06-10T08:04:47+00:00","og_image":[{"width":1200,"height":640,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","type":"image\/jpeg"}],"author":"Simone Sorte","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Simone Sorte","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/"},"author":{"name":"Simone Sorte","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941"},"headline":"Malware Analysis Report\u00a0&#8211; Chaos 
Ransomware","datePublished":"2023-11-16T14:16:35+00:00","dateModified":"2025-06-10T08:04:47+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/"},"wordCount":184,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","keywords":["Articoli"],"articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/","url":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/","name":"Malware Analysis Report - Chaos Ransomware - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","datePublished":"2023-11-16T14:16:35+00:00","dateModified":"2025-06-10T08:04:47+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","width":1200,"height":640,"caption":"Immagine in evidenza astratta per gli 
articoli di Tinexta Defence"},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/malware-analysis-report-chaos-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"Malware Analysis Report\u00a0&#8211; Chaos Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941","name":"Simone Sorte","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","caption":"Simone 
Sorte"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/21172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=21172"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/21172\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/26257"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=21172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=21172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=21172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}