French version: 🇫🇷

Active since September 2020, the Egregor ransomware is currently being used in Big Game Hunting operations. Part of the Sekhmet malware family, Egregor is sometimes considered the successor to Maze. It is made available to various affiliates, explaining the different chains of infection reported. Trojans such as Qakbot, Ursnif and IcedID, can be used to deliver Egregor.

This report provides a synthesis of ANSSI’s knowledge on this malware.

Indicators of compromise are available on the page CERTFR-2020-IOC-006.

DOWNLOAD THE REPORT