Tuesday, November 01, 2022

The Yanluowang Ransomware Group's Internal Communications Leaked by Russian Threat Actors - An Analysis

The Yanluowang ransomware group has recently had its internal communications leaked online, prompting various researchers to look into and analyze them. The breach of the gang's internal communications happened courtesy of Russian threat actors, who also defaced the group's front page and left a message on it.

The party behind the leak has also released source code, including that of the decryption tool for the ransomware and that of the builder.

[Sample screenshots of the leaked communications]
The recent communication leaks are similar to the Conti leaks, which I extensively data-mined and profiled here.

Related actionable intelligence on the C&C server infrastructure:
hxxp://mtololo.com - 81.19.72.59
hxxp://matrix.mtololo.com - 62.113.100.124

Related domains known to have been involved in the campaign:
hxxp://api.views-24.ru
hxxp://lohicageeg.beget.app
hxxp://fr124.aha.ru
hxxp://aktiver-id.fun
hxxp://aktiver-bankid.website
hxxp://matrix.mtololo.com
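The indicators above are published defanged ("hxxp://"), so they have to be normalized before they can be matched against logs. The following is an added example, not part of the original post: it refangs the indicators listed above, splits them into hostnames and IP addresses, and scans a few constructed DNS/proxy log lines (the log format and the client addresses in them are made up for the example) for exact host matches, subdomain matches and destination-IP matches.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the post (defanged with "hxxp://").
PUBLISHED_INDICATORS = [
    "hxxp://mtololo.com", "81.19.72.59",            # C&C host and its IP
    "hxxp://matrix.mtololo.com", "62.113.100.124",  # C&C host and its IP
    "hxxp://api.views-24.ru",
    "hxxp://lohicageeg.beget.app",
    "hxxp://fr124.aha.ru",
    "hxxp://aktiver-id.fun",
    "hxxp://aktiver-bankid.website",
]

# Constructed sample log lines (hypothetical format and internal client IPs).
SAMPLE_LOG = [
    "2022-11-01T09:12:03Z dns client=10.0.0.5 query=matrix.mtololo.com type=A",
    "2022-11-01T09:12:04Z conn src=10.0.0.5 dst=62.113.100.124 dport=443",
    "2022-11-01T09:15:40Z http client=10.0.0.7 host=www.example.com uri=/index.html",
    "2022-11-01T09:16:02Z dns client=10.0.0.9 query=cdn.aktiver-id.fun type=A",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostname: one or more labels followed by an alphabetic TLD (never matches a bare IP).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def refang(indicator: str) -> str:
    """Reverse common defanging ("hxxp://", "[.]") so the indicator can be parsed."""
    s = indicator.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".")


def normalize(indicator: str):
    """Return ("ip", address) or ("domain", hostname) for one published indicator."""
    s = refang(indicator)
    if "://" in s:
        s = urlsplit(s).hostname or ""
    s = s.lower().rstrip(".")
    try:
        return ("ip", str(ipaddress.ip_address(s)))
    except ValueError:
        return ("domain", s)


def load_indicators(raw):
    """Split a list of defanged indicators into sets of domains and IPs."""
    ind = {"domains": set(), "ips": set()}
    for item in raw:
        kind, value = normalize(item)
        ind["domains" if kind == "domain" else "ips"].add(value)
    return ind


def match_domain(host: str, domains):
    """Return the most specific indicator that equals host or is a parent of it."""
    best = None
    for d in domains:
        if host == d or host.endswith("." + d):
            if best is None or len(d) > len(best):
                best = d
    return best


def scan_log_line(line: str, ind):
    """Return the indicators (IPs and domains) seen in a single log line."""
    hits = []
    for ip in IP_RE.findall(line):
        if ip in ind["ips"]:
            hits.append(ip)
    for host in HOST_RE.findall(line.lower()):
        matched = match_domain(host, ind["domains"])
        if matched and matched not in hits:
            hits.append(matched)
    return hits


def scan_log(lines, ind):
    """Return (line_index, hits) for every line that touches a known indicator."""
    results = []
    for i, line in enumerate(lines):
        hits = scan_log_line(line, ind)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    indicators = load_indicators(PUBLISHED_INDICATORS)
    for idx, hits in scan_log(SAMPLE_LOG, indicators):
        print(f"line {idx}: {hits} <- {SAMPLE_LOG[idx]}")
```

The domain match is deliberately a suffix match, so a lookup for any subdomain of a listed host (here `cdn.aktiver-id.fun`) is reported against the listed parent, while the more specific `matrix.mtololo.com` wins over `mtololo.com` when both apply. For production use the same normalization should be applied to the log fields rather than to free-text lines, and hits on shared hosting names such as `beget.app` or `aha.ru` should stay tied to the exact published subdomain, as they are here.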

Stay tuned!
