
Yanluowang

According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops services, and creates a README.txt file containing a ransom note. It appends the .yanluowang extension to filenames. The cybercriminals behind Yanluowang target enterprise entities and organizations in the financial sector. Files encrypted by Yanluowang can be decrypted with this tool (all files can be decrypted if the original file is larger than 3 GB; if the original file is smaller than 3 GB, only smaller files can be decrypted).
External information

Victims: 6

First discovered victim: 2022-07-02

Last discovered victim: 2022-08-10

Avg delay between attack and claim: N/A

Infostealer for victim with domain: N/A



Known Locations (1)

Title: Yanluowang | Type: (none) | Available: No | Last visit: 2025-06-01 21:18:46 | FQDN: jukswsxbh3jsxuddvidrjdvwuohtsy4kxg2axbppiyclomt2qciyfoad.onion

Target charts (Top 5 Activity Sectors, Top 5 Countries) and Heatmap: available on the page, no data reproduced here.

Ransom Notes (1)

Tools Used (Available)
This information is provided by Ransomware-Tool-Matrix

Discovery: AdFind, Cent Browser, S3 Browser, SoftPerfect NetScan

RMM Tools: LogMeIn, ScreenConnect, TeamViewer

Defense Evasion: (none listed)

Credential Theft: GrabChrome, GrabFF, KeeThief, Mimikatz, NirSoft WebBrowserPassView

OffSec: Cobalt Strike, Impacket

Networking: Chisel

LOLBAS: NTDS Utility (ntdsutil), PsExec, Windows Event Utility (wevtutil)

Exfiltration: (none listed)

Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (0)

No YARA rules available.


Indicators of Compromise (IoCs) (0)

No IoCs available for this group.


Victims (6)