← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Inside Shanya, a packer-as-a-service fueling modern attacks
WHITE celestre 2025-12-09 Modified: 2025-12-09
26
IOCs
MEDIUM VOLUME
We have covered packer-as-a-service offerings from the computer underworld in the past, previously dissecting impersonation campaigns and the rise of HeartCrypt, both popular among ransomware groups. However, it is a fast-changing landscape, and now we are watching a new incarnation of the same type of service: the Shanya crypter — already favored by ransomware groups and taking over (to some degree) the role that HeartCrypt has played in the ransomware toolkit. We’ll look at its apparent origins, unpack the code, and examine a targeted infection leveraging this tool. Sophos protections against this specific packer are covered at the end of the article.
edr killerdownload server
Indicators of Compromise (5 / 26 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 127b50c8185986a52ae66bf6e7e67a6fd787c4fc SHA1 of 95a6f6e79c1842cea3603df3209fddc12aeb4fc77d1c58a852f877b1eaa9c4c9 2025-12-09
FileHash-SHA1 241dd3ffbafb0d15876504710fcaaa807d2c03c8 SHA1 of 59906b022adfc6f63903adbdbb64c82881e0b1664d6b7f7ee42319019fcb3d7e 2025-12-09
FileHash-SHA1 aebd71337ad1e95c38eb7a07beb498e1c7d6e8bf SHA1 of 2bfb560c7b34a2b4c30db711900d6e56d86f754f4fbeebe551b8c67bc30a2b36 2025-12-09
FileHash-SHA1 cb6d7a35e917322401558aed727289423f384876 SHA1 of 087216ee05746cc264752b0623dc6a1e32cddc0ca088832672e6dd356d394393 2025-12-09
FileHash-SHA1 df86c01f54636d72e18044f99a9694c82a819946 SHA1 of 6645297a0a423564f99b9f474b0df234d6613d04df48a94cb67f541b8eb829d1 2025-12-09
References (1)
↗ https://news.sophos.com/en-us/2025/12/06/inside-shanya-a-packer-as-a-service-fueling-modern-attacks/