rook

1 incident, 1 country, 0 sectors | ransomware | RU | Latest: 2026-06-25
Rook is a ransomware group that emerged in late November 2021, distinguishing itself by its operational model largely derived from the leaked Babuk ransomware source code. The group primarily pursues financial gain through a dual-extortion scheme, encrypting victim files and exfiltrating sensitive data to pressure payment. Its unique initial self-introduction on its leak site expressed a desperate need for money. The group gained attention quickly, with its first victim, a Kazakh financial institution, identified just days after its initial appearance. Rook's activity was notable for its rapid adoption of leaked code and its multi-threading engine for efficient encryption. There is evidence to suggest that the group may have rebranded as Pandora in early 2022 due to significant tactical similarities, but this is a suspected connection rather than a confirmed alias.
MITRE techniques
T1486, T1071.001, T1569.002, T1110.001

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United Kingdom (1)

Targeted countries (SOCRadar)

United Arab Emirates; Argentina; Australia; Azerbaijan; Bosnia and Herzegovina; Bangladesh; Belgium; Brazil; Canada; Switzerland

Targeted sectors (SOCRadar)

Monetary Authorities-Central Bank; Software Publishers; Real Estate; Enterprises & Holding; Air Transportation; Manufacturing; Construction; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration; Oil & Gas

New URLs detected in IntelTracker

ransomware.anggipradana.com