Threat analysis study: Hive

Posted date 20/12/2021
imagen de estudios de amenazas

Continuing with our series of studies of analysis malware distribution campaigns affecting Spain, which we began in April 2021, today we publish a new study on Hive, a significant current threat.

The study provides detailed information on the modus operandi and functioning of this campaign, which affects a wide range of companies, citizens and national organizations so that, once they know the technical details and characteristics of the threat, security technicians can implement the most appropriate prevention, detection and response measures in those organizations.

The actions carried out to draft the study include static and dynamic analysis within a controlled environment and a comparison of results between the samples obtained. This analysis includes various Indicators of Compromise (IOCs), three Yara rules and four Sigma rules to help detect sample threats belonging to the Hive family.

The full study can be downloaded below:

[Update 12/07/2022]

The South Korean Cybersecurity Agency (KISA) has released a free decryptor for victims of the Hive ransomware in a ZIP archive. The tool is intended for users who have fallen victim to versions 1 to 4 of the threat (at least 5 versions of Hive are known to exist), so that they can recover information from encrypted files.