YUREI RANSOMWARE: THE DIGITAL GHOST
Pulse by AlienVault | TLP: WHITE | Created: 2025-10-04 | Modified: 2025-10-06 | 7 IOCs
A sophisticated ransomware family called Yurei has emerged, targeting Windows systems with advanced encryption methods. It rapidly encrypts data using ChaCha20 and ECIES, appends .Yurei to files, and disables recovery options. The malware spreads via SMB shares, removable drives, and credential-based remote execution. It employs anti-forensics techniques, including log wiping and secure deletion. Yurei features double-extortion capabilities, threatening data leaks alongside ransom demands. Analysis suggests possible code reuse from the Prince ransomware. The ransomware's professional build, stealthy propagation, and high operational speed make it a significant threat designed for irreversible data compromise.
Indicators of Compromise (7)