Beast is a Ransomware-as-a-service (RaaS) product which provides functionality such as SMB scanning, file encryption, service and process starting and stopping, and geographic identification to avoid encryption in CIS countries.
Genera un perfil del actor con IA (defensivo) cuando lo pidas.
Este grupo no tiene TTPs curadas. Puedes generar un mapeo MITRE ESTIMADO por IA (no confirmado) a partir de su descripción/notas, solo cuando lo pidas.
Para detección/bloqueo en tu EDR/SIEM. Fuente: ransomware.live.
Firma de detección defensiva para este grupo (úsala en tu EDR/SIEM). Fuente: ransomware.live.
/*
Beast ransomware
*/
rule Beast
{
meta:
author = "rivitna"
family = "ransomware.beast"
description = "Beast ransomware Windows payload"
severity = 10
score = 100
strings:
$h0 = { 6A 00 56 68 ?? ?? 00 00 57 6A 19 68 AA 00 00 00 6A ??
6A 0A 68 00 10 00 50 50 }
$h1 = { 6A 00 56 68 ?? ?? 00 00 57 6A 19 68 AA 00 00 00
68 ?? 00 00 00 6A 0A 68 00 10 00 50 50 }
$h2 = { 81 BC 24 ?? 00 00 00 50 4B 06 06 75 6?
81 BC 24 ?? 00 00 00 50 4B 06 07 75 5?
81 BC 24 ?? 00 00 00 50 4B 05 06 75 }
$h3 = { C7 44 24 ?? 17 10 14 06 }
$h4 = { 40 04 19 08 C7 45 ?? 19 04 23 04 C7 45 ?? 3F 04 40 04
C7 45 ?? 28 04 42 04 C7 45 ?? 43 08 22 04 }
condition:
((uint16(0) == 0x5A4D) and (uint32(uint32(0x3C)) == 0x00004550)) and
(
(3 of ($h*))
)
}
YOUR FILES ARE ENCRYPTED AND STOLEN! Your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [redactado] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [redactado] Reserved email: [redactado] Backup XMPP: [redactado] Backup XMPP: [redactado] Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. * We have been in your network for a long time. We know everything about your company most of your information has already been downloaded to our server. We recommend you to do not waste your time if you dont wont we start 2nd part. * You have 24 hours to contact us. * Otherwise, your data will be sold or made public. BEAST ransomware
JPS Consulting Engineers is a group of dynamic site, civil and structural engineers based out of Indianapolis, Indiana. We have a combined 200+ years of design and consulting experience among us. We serve as a one-stop shop for all of your site, civil and structural needs-in Indiana, the Midwest and anywhere you do business. JPS is a certified Minority Business Enterprise (MBE). Our firm is distinguished by the ability to communicate complex technical issues in a way that our clients understand. Our employees are passionate about working in collaborative environments which help our healthcare, higher education, advanced technology, construction, and existing building clients to achieve outstanding project results. We believe in a holistic approach to structural design, construction means and methods, and risk consulting. We understand that our clients have competing demands for their projects.
| Organización | País | Sector | Grupo | Descubierta |
|---|---|---|---|---|
| Hospital Sao Jose do Avai (HSJA) | BR | Healthcare | — | 9 feb 2026 |
| Noroaco | BR | Manufacturing | — | 9 nov 2025 |
| Bolt Electricity, Oil & Gas | BR | Energy | — | 27 oct 2025 |
| Danthi Comunicacao Integrada | BR | Business Services | — | 24 oct 2025 |
| Garro Fabril | AR | Manufacturing | — | 4 oct 2025 |
| BinBaires | AR | Hospitality and Tourism | — | 6 sept 2025 |
| Escauto Centro Automotivo | BR | Consumer Services | — | 18 ago 2025 |
| Aseguradora Fortaleza | GT | Financial Services | — | 29 jul 2025 |
Las direcciones de los sitios de filtración (.onion) se conocen pero no se publican ni se enlazan. Solo se muestran metadatos públicos. ética
Noroaco - Ferro e Aco specializes in a diverse range of high-quality steel products including tubes, beams, tiles, sheets, and plasma cutting services. With over sixteen years of experience, the company serves clients from various sectors such as agribusiness, construction, metallurgy, and locksmithing. They ensure excellence in every step of production by investing in team training and modern equipment, sourcing steel from the country's leading steel mills. Noroaco caters to both wholesale and retail markets, providing tailored solutions for clients' steel project needs.
Bolt Energy specializes in providing energy solutions aimed at reducing costs by at least 25% for high voltage companies, and offering clean and affordable energy for residential and small business customers. They also deliver customized energy solutions for power plants. Established in 2010, Bolt Energy operates in both the free and captive markets, helping clients achieve significant energy savings. The company is actively engaged in energy generation and commercialization, focusing on efficient energy solutions
With a senior team and over 130 clients, Danthi Comunicacao Integrada believes in building close, long-term, and trust-based relationships with all its partners. With extensive experience in positive exposure, brand reputation building, and image and reputation crisis management, Danthi works in an integrated and strategic manner with traditional press relations and digital communications. A company's image is directly linked to how it communicates with the public. In a 24/7 connected world, this premise requires strategy and a communications team that knows how to plan, identify key messages, and convey them assertively across multiple platforms.
Garro Fabril SA is a company that operates in the Manufacturing industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Venado Tuerto, Santa Fe Province, Argentina
BinBaires is a company that operates a network of casinos and bingo halls in Argentina, with operations in the provinces of Buenos Aires (PLV) and Mendoza, including facilities in Ezeiza and Olavarria. Its main activity is the organization of gambling, including slot machines, bingo, and roulette. It is part of the joint venture MAGIC STAR S.A. - CASINO BUENOS AIRES S.A. U.T.E.