← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
WHITE AustinBH 2025-10-27 Modified: 2025-11-26
31
IOCs
MEDIUM VOLUME
Researchers from the University of California, Berkeley, and the Institute of Advanced Technology (IAS) identify and track the spread of a malicious version of the Windows operating system, known as Agenda Ransomware.
redactedfake captchadeploys linuxvariantwindowsthrough remoteindicatorscompromise sha1findings httpdisease vectoragenda
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Deploys Linux Agenda
Indicators of Compromise (5 / 31 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 2149a070e76f4ccabd67228f754768dc 2025-10-27
FileHash-MD5 6bc8e3505d9f51368ddf323acb6abc49 MD5 of 16f83f056177c4ec24c7e99d01ca9d9d6713bd0497eeedb777a3ffefa99c97f0 2025-10-27
FileHash-MD5 959ff112c2eb41ce8f7b24e38c9b4f94 2025-10-27
FileHash-MD5 a768244ca664349a6d1af84a712083c0 MD5 of e14ba0fb92e16bb7db3b1efac4b13aee178542c6994543e7535d8efaa589870c 2025-10-27
FileHash-MD5 b2398a81b5467f75f476a107027b3259 MD5 of 15e5bf0082fbb1036d39fc279293f0799f2ab5b2b0af47d9f3c3fdc4aa93de67 2025-10-27
References (2)
↗ https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/j/agenda-ransomware-deploys-linux-variant/agenda-ransomware-iocs.txt ↗ https://www.trendmicro.com/en_us/research/25/j/agenda-ransomware-deploys-linux-variant-on-windows-systems.html