Pulse Detail — Threat Intelligence

PULSE NAME

AWS.DEV | Ransom REevil | MaaS -Mirai , Makop , Sodinokibi | 6.13.25 Appears ti be ongoing

WHITE Q.Vashti 2026-05-13 Modified: 2026-05-13

516

IOCs

HIGH VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1012 T1035 T1046 T1060 T1083 T1112 T1179 T1215 T1547 T1140 T1021 T1055 T1181 TA0003 TA0005 TA0004 TA0002 TA0010 TA0008 TA0009

MALWARE FAMILIES

Ransom:Win32/Makop.PA!MTB Trojan/Win32.BlueCrab.R331768 Trojan.Ransom.Sodinokibi Emotet Virus.Neshta Mirai RANSOM_REvil Labeled as: Ransom.Sodinokibi.Generic

Indicators of Compromise (1 / 516 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL CVE domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2018-8453	—	2026-05-13

References (9)

↗ RANSOM_REvil - https://www.nextron-systems.com/notes-on-virustotal-matches/ ↗ YARA: Matches rule MAL_RANSOM_REvil_Oct20_1 from ruleset crime_ransom_revil by Florian Roth (Nextron Systems) ↗ YARA: Matches rule Windows_Ransomware_Sodinokibi_83f05fbe from ruleset Windows_Ransomware_Sodinokibi by Elastic Security ↗ YARA: Matches rule win_revil_auto from ruleset win.revil_auto by Felix Bilstein - yara-signator at cocacoding dot com ↗ https://otx.alienvault.com/malware/Ransom:Win32/Makop/ ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ https://www.hybrid-analysis.com/sample/cb33f3d60a715436ab49ab7968c5a31410d0cd6b9d141b41b2362c02b59e2913/5e68effaec3f2e3f0c5237b8 ↗ Permissions requested: SE_DEBUG_PRIVILEGE SE_LOAD_DRIVER_PRIVILEGE ↗ Behaviour: Extract file to system directory