D0Glun
Description
D0glun is a crypto-ransomware strain first observed in January 2025, believed to be derived from Babuk via an intermediary variant known as Cheng Xilun. It uses AES-256 symmetric encryption and appends an extension such as .@D0glun@ (or a close variation) to encrypted files. The malware encrypts files rapidly, changes the desktop wallpaper, and drops ransom notes typically named @[email protected], Desktopcxl.txt, or help.exe. The campaign shows signs of shared infrastructure and code reuse with Cheng Xilun, but there is no confirmed evidence of a large-scale or mature operation. Its activity so far suggests it is being tested or deployed by a small group or an individual rather than by a structured affiliate network.
External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/d0glun
https://www.pcrisk.com/removal-guides/31986-d0glun-ransomware
https://bazaar.abuse.ch/browse/signature/D0glun/
https://cs.beta.fletch.ai/p/d0glun
Urls
Screen
http://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion