BleachGap ransomware revamped

BleachGap ransomware was first reported in Feb 2021 by a researcher named Petrovic on Twitter. The variant that K7 Security analysed was reported on Twitter in June 2022. It made them curious to dig into its nuances because it was tagged as a stealer and all of its code was compiled into a single executable, so it needs no supporting .bat or PowerShell scripts to execute. This was most probably done for evasion and to be less noisy than the variant found in 2021, which needed the supporting .bat and .exe files that it dropped for execution.


ATT&CK IDs: T1033 - System Owner/User Discovery, T1102 - Web Service, TA0005 - Defense Evasion, T1471 - Data Encrypted for Impact, T1089 - Disabling Security Tools, T1406 - Obfuscated Files or Information

