March 21, 2025

Understanding Ransomware – by looking at their code and Playbooks

By venkat

Deep Adversarial learning can be achieved through looking at Conti leaked Playbooks, Babuk Code, Black Bast chat leaks etc. This is in addition to the TTPs MITRE ATT&CK matrix.

https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://www.bleepingcomputer.com/news/security/leaked-babuk-locker-ransomware-builder-used-in-new-attacks/
https://github.com/Hildaboo/BabukRansomwareSourceCode
https://github.com/Hildaboo/BabukRansomware
https://github.com/cupom35/Babuk-RansomWare

https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/ – Helps to understand the newer trends of attacker Tool Chains.

Bulletins to track
https://www.broadcom.com/support/security-center/protection-bulletin

About The Author

venkat

Venkat is founder of FlexibleIR. He brings 20 years of experience in building tools and products at Sun Microsystems, Intel, Novell, HP, Yahoo,Tesco and startups. He has developed test suites and frameworks for post silicon validation of the Xeon processor family (Fuzzing). He has worked deeply on UFS files system at SUN Microsystem. Was a security paranoid at Yahoo.

Understanding Ransomware – by looking at their code and Playbooks

About The Author

Tags