{"id":42249,"date":"2021-08-10T00:00:00","date_gmt":"2021-08-10T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/chaos-ransomware-a-dangerous-proof-of-concept.html"},"modified":"2021-08-10T00:00:00","modified_gmt":"2021-08-10T00:00:00","slug":"chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/","title":{"rendered":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-641.png\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.533864541833\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"636654540\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9\">\n<div class=\"article-details\" role=\"heading\" readability=\"38\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p
class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">Since June 2021, we\u2019ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. <\/p>\n<p class=\"article-details__author-by\">By: Monte de Jesus <time class=\"article-details__date\">August 10, 2021<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div>\n<div class=\"richText\" readability=\"41.303317535545\">\n<div readability=\"27.867298578199\">\n<p>Since June 2021, we\u2019ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. While it\u2019s purportedly a .NET version of <a href=\"https:\/\/www.trendmicro.com\/en_ph\/what-is\/ransomware\/ryuk-ransomware.html\">Ryuk<\/a>, closer examination of the sample reveals that it doesn\u2019t share much with the notorious ransomware. In fact, early versions of Chaos, which is now in its fourth iteration, were more akin to a destructive trojan than to traditional ransomware.<\/p>\n<p>In this blog entry, we take a look at some of the characteristics of the Chaos ransomware builder and how its iterations added new capabilities.<\/p>\n<p>Chaos has undergone rapid evolution from its very first version to its current iteration, with version 1.0 having been released on June 9, version 2.0 on June 17, version 3.0 on July 5, and version 4.0 on Aug.
5.<\/p>\n<h4><span class=\"body-subhead-title\"><\/span><\/h4>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-1.jpg\" alt=\"Figure 1. The GUI of Chaos version 1.0\"><figcaption>Figure 1. The GUI of Chaos version 1.0<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41\">\n<div readability=\"27\">\n<p>The most notable characteristic of the first version of the Chaos builder was that, despite having the Ryuk branding in its GUI, it had little in common with the ransomware. In fact, it wasn\u2019t even traditional ransomware, but rather a destructive trojan. Instead of encrypting files (which could then be decrypted after the target paid the ransom), it replaced the files\u2019 contents with random bytes, after which the files were encoded in Base64. This meant that affected files could no longer be restored, providing victims no incentive to pay the ransom.<\/p>\n<p>It did, however, display certain characteristics found in other ransomware families. 
For example, it searched the following file paths and extensions to infect:<\/p>\n<h3><\/h3>\n<ul>\n<li><span class=\"rte-red-bullet\">\\\\Contacts<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Desktop<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Documents<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Downloads<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Favorites<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Links<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Music<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\OneDrive<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Pictures<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Saved Games<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Searches<\/span><\/li>\n<li><span class=\"rte-red-bullet\">\\\\Videos<\/span><\/li>\n<\/ul>\n<h3><\/h3>\n<ul>\n<li><span class=\"rte-red-bullet\">.3gp<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.7z<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.7-zip<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.accdb<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ace<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.amv<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.apk<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.arj<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.asp<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.aspx<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.avi<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.backup<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.bak<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.bay<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.bk<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.blob<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.bmp<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.bz2<\/span><\/li>\n<li><span
class=\"rte-red-bullet\">.cab<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.cer<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.contact<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.core<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.cpp<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.crt<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.cs<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.css<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.csv<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.dat<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.db<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.dll<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.doc<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.docm<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.docx<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.dwg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.exif<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.flv<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.gzip<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.htm<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.html<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ibank<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ico<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ini<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.iso<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.jar<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.java<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.jpe<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.jpeg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.jpg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.js<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.json<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.jsp<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.lnk<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.lzh<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.m4a<\/span><\/li>\n<li><span 
class=\"rte-red-bullet\">.m4p<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.m4v<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mdb<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mkv<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mov<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mp3<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mp4<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mpeg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.mpg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ods<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.odt<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.p7c<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.pas<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.pdb<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.pdf<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.php<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.png<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.ppt<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.pptx<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.psd<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.py<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.rar<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.rb<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.rtf<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.settings<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.sie<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.sql<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.sum<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.svg<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.tar<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.txt<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.vdi<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.vmdk<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.wallet<\/span><\/li>\n<li><span
class=\"rte-red-bullet\">.wav<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.webm<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.wma<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.wmv<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.wps<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xls<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xlsb<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xlsm<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xlsx<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xml<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.xz<\/span><\/li>\n<li><span class=\"rte-red-bullet\">.zip<\/span><\/li>\n<\/ul>\n<p>It then dropped a ransomware note named <i>read_it.txt<\/i>, with a demand for a rather sizeable ransom in bitcoin.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-2.jpg\" alt=\"Figure 2. A ransom note dropped by Chaos\"><figcaption>Figure 2. A ransom note dropped by Chaos<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>One of the more interesting functions of Chaos version 1.0 was its worming function, which allowed it to spread to all drives found on an affected system. This could permit the malware to jump onto removable drives and escape from air-gapped systems.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-3.jpg\" alt=\"Figure 3. Code showing the worming function\"><figcaption>Figure 3. 
Code showing the worming function<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<h4><span class=\"body-subhead-title\"><\/span><\/h4>\n<p>The second version of Chaos added advanced options for administrator privileges, the ability to delete all volume shadow copies and the backup catalog, and the ability to disable Windows recovery mode.<\/p>\n<p>However, version 2.0 still overwrote the files of its targets. Members of the forum where it was posted pointed out that victims wouldn\u2019t pay the ransom if their files couldn\u2019t be restored.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-4.jpg\" alt=\"Figure 4. The GUI of Chaos version 2.0\"><figcaption>Figure 4. The GUI of Chaos version 2.0<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<p>With version 3.0, the Chaos ransomware builder gained the ability to encrypt files under 1 MB using AES\/RSA encryption, making it more in line with traditional ransomware. It also came with its own decrypter builder.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-5.jpg\" alt=\"Figure 5. The GUI of Chaos version 3.0\"><figcaption>Figure 5. 
The GUI of Chaos version 3.0<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-6.jpg\" alt=\"Figure 6. The advanced options for Chaos version 3.0, including the option to encrypt files via the AES\/RSA method and the decrypter builder function\"><figcaption>Figure 6. The advanced options for Chaos version 3.0, including the option to encrypt files via the AES\/RSA method and the decrypter builder function<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<p>The fourth iteration of Chaos expands the AES\/RSA encryption by increasing the upper limit of files that can be encrypted to 2 MB. In addition, it gives the ransomware builder\u2019s users the ability to add their own extensions to affected files and the ability to change the desktop wallpaper of their victims.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications\/chaos-ransomware-7.jpg\" alt=\"Figure 7. The advanced options for Chaos version 4.0, including the option to change desktop wallpapers\"><figcaption>Figure 7. The advanced options for Chaos version 4.0, including the option to change desktop wallpapers<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.5\">\n<div readability=\"20\">\n<p>We haven\u2019t seen any active infections or victims of the Chaos ransomware. 
However, in the hands of a malicious actor who has access to malware distribution and deployment infrastructure, it could cause great damage to organizations.<\/p>\n<p>In our view, the Chaos ransomware builder is still far from being a finished product since it lacks features that many modern ransomware families possess, such as the ability to collect data from victims that could be used for further blackmail if the ransom is not paid.<\/p>\n<p>The following are the hashes and our detections for the different Chaos ransomware builder versions:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n<tbody readability=\"14\">\n<tr>\n<td>\n<p><b>SHA-256<\/b><\/p>\n<\/td>\n<td width=\"248\" valign=\"top\">\n<p><b>Detection<\/b><\/p>\n<\/td>\n<td width=\"261\" valign=\"top\">\n<p><b>TrendX detection<\/b><\/p>\n<\/td>\n<td width=\"241\" valign=\"top\">\n<p><b>Version<\/b><\/p>\n<\/td>\n<\/tr>\n<tr readability=\"9\">\n<td width=\"303\" valign=\"top\" readability=\"5\">\n<p>0d8b4a07e91e02335f600332644e8f0e504f75ab19899a58b2c85ecb0887c738<\/p>\n<\/td>\n<td width=\"248\" valign=\"top\" readability=\"5\">\n<p>Trojan.MSIL.FAKERYUKBUILD.THFAFBA<\/p>\n<\/td>\n<td width=\"261\" valign=\"top\">\n<p>N\/A<\/p>\n<\/td>\n<td width=\"241\" valign=\"top\" readability=\"5\">\n<p>Chaos Ransomware builder version 1.0<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"12\">\n<td width=\"303\" valign=\"top\" readability=\"5\">\n<p>325dfac6172cd279715ca8deb280eefe3544090f1583a2ddb5d43fc7fe3029ed<\/p>\n<\/td>\n<td width=\"248\" valign=\"top\" readability=\"5\">\n<p>Trojan.MSIL.FAKERYUKBUILDER.AA<\/p>\n<\/td>\n<td width=\"261\" valign=\"top\" readability=\"5\">\n<p>Ransom.Win32.TRX.XXPE50FFF046E0002<\/p>\n<\/td>\n<td width=\"241\" valign=\"top\" readability=\"5\">\n<p>Chaos Ransomware builder version 2.0<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"12\">\n<td width=\"303\" valign=\"top\" 
readability=\"5\">\n<p>63e28fc93b5843002279fc2ad6fabd9a2bc7f5d2f0b59910bcc447a21673e6c7<\/p>\n<\/td>\n<td width=\"248\" valign=\"top\" readability=\"5\">\n<p>Trojan.MSIL.FAKERYUKBUILDER.AA<\/p>\n<\/td>\n<td width=\"261\" valign=\"top\" readability=\"5\">\n<p>Ransom.Win32.TRX.XXPE50FFF046E0002<\/p>\n<\/td>\n<td width=\"241\" valign=\"top\" readability=\"5\">\n<p>Chaos Ransomware builder version 3.0<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"9\">\n<td width=\"303\" valign=\"top\" readability=\"5\">\n<p>0d8b4a07e91e02335f600332644e8f0e504f75ab19899a58b2c85ecb0887c738<\/p>\n<\/td>\n<td width=\"248\" valign=\"top\" readability=\"5\">\n<p>Trojan.MSIL.FAKERYUKBUILD.THFAFBA<\/p>\n<\/td>\n<td width=\"261\" valign=\"top\">\n<p>N\/A<\/p>\n<\/td>\n<td width=\"241\" valign=\"top\" readability=\"5\">\n<p>Chaos Ransomware builder version 4.0<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p>We also proactively detect the following components:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n<tbody readability=\"6\">\n<tr>\n<td>\n<p><b>Detection<\/b><\/p>\n<\/td>\n<td width=\"312\" valign=\"top\">\n<p><b>Note<\/b><\/p>\n<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td width=\"312\" valign=\"top\" readability=\"5\">\n<p>Ransom.MSIL.CHAOSBUILDER.SMYPBHET<\/p>\n<\/td>\n<td width=\"312\" valign=\"top\" readability=\"5\">\n<p>Chaos ransomware builder and decrypter<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td width=\"312\" valign=\"top\" readability=\"5\">\n<p>Ransom.MSIL.CHAOS.SMYPBHET<\/p>\n<\/td>\n<td width=\"312\" valign=\"top\" readability=\"5\">\n<p>Main Chaos ransomware executable<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"6\">\n<td width=\"312\" valign=\"top\" readability=\"5\">\n<p>PUA.MSIL.CHAOS.SMYPBHET.decryptor<\/p>\n<\/td>\n<td width=\"312\" valign=\"top\" 
readability=\"5\">\n<p>Chaos ransomware decrypter<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/chaos-ransomware-a-dangerous-proof-of-concept.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since June 2021, we\u2019ve been monitoring an in-development ransomware builder called Chaos, which is being offered for testing on an underground forum. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42250,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9539,9509],"class_list":["post-42249","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub.
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-10T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"643\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst\",\"datePublished\":\"2021-08-10T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/\"},\"wordCount\":953,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : 
Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/\",\"name\":\"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg\",\"datePublished\":\"2021-08-10T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg\",\"width\":643,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity 
News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https
:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/","og_locale":"en_US","og_type":"article","og_title":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-08-10T00:00:00+00:00","og_image":[{"width":643,"height":450,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst","datePublished":"2021-08-10T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/"},"wordCount":953,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg","keywords":["Trend Micro Research : 
Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/","url":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/","name":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg","datePublished":"2021-08-10T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst.jpg","width":643,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chaos-ransomware-a-proof-of-concept-with-potentially-dangerous-applications-threats-analyst\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Threats Analyst"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF 
\u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42249"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42249\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42250"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}