Endurance

Description

Endurance is a destructive ransomware variant first observed in 2023, developed and operated by the threat actor known as IntelBroker (also referred to as Butler Spider). Rather than encrypting files so that they can later be decrypted, it functions primarily as a data wiper: it overwrites file contents, appends randomized filenames, and then deletes the files altogether. The operator intentionally made the malware's source code public, indicating its use as both a tool and a statement. Endurance was used in high-profile breaches, including those targeting government agencies, large enterprises, and telecommunications providers.

External Analysis
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/endurance
https://www.mphasis.com/content/dam/mphasis-com/global/en/home/services/cybersecurity/june-21-12-the-intelbroker-data-leak-threat-actor.pdf
https://en.wikipedia.org/wiki/IntelBroker
https://www.crowdstrike.com/adversaries/butler-spider/
URLs
http://h44jyyfomcbnnw5dha7zgwgkvpzbzbdyx2onu4fxaa5smxrgbjgq7had.onion/
File servers
Chat servers
Admin servers