Credential Theft
- ProcDump
RA World is a ransomware group.
Profile source: Mallory opens in a new tabRA World
RA World is a ransomware group. In the provided reporting, it is identified as one of the ransomware groups targeting Korean companies, with activity noted in 2023 as part of a broader increase in ransomware attacks against South Korean organizations. The content also notes suspected links between some ransomware operations and Chinese cyber-espionage activity, specifically citing RA World for using PlugX; this is presented as a suspected linkage, not a confirmed attribution. Reported tooling associated with RA World in the provided content includes PlugX and Impacket. The content also references exploitation of PAN-OS vulnerability CVE-2024-0012 in the context of ransomware operations suspected to be linked to Chinese cyber-espionage groups, including RA World. No additional confirmed aliases or sub-groups are provided beyond RA World.
Ransomware.live
Ransomware.live
b8846b3e1adfc89aa767687364fecf6a0b1d2e7bd7f535e427aa80adbb6a95d6a3a62b5aed61ace35c9aadde1f5cefde1eef02b9cecf23c530b292c68a481a1ce5a972cc589109be1aae14cdb5fd6984f2070b889c7aa58ca153c6d1b3dc953ee634fe96f81b8a5198c8ac65a95e58a41e20b481d932582570287729f665bff806b9331e6e2699a4382bd09ae85a515d2e30aa5886ad27092ae968471bd845c6358AC0F6C813DD4FD243524F040E2F77969278274BD8A8945B5041A249786E32CC784580F2EC161.35.200.18Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.