{
	"id": "5aeabc25-7cd7-4b21-9854-c3ad8cd9a6b2",
	"created_at": "2026-04-06T00:22:36.437938Z",
	"updated_at": "2026-04-10T03:20:17.363214Z",
	"deleted_at": null,
	"sha1_hash": "93a3e32d21e1446258b3d42e4fd34a7a9044b181",
	"title": "RAZR Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37583,
	"plain_text": "RAZR Ransomware\r\nArchived: 2026-04-05 18:27:33 UTC\r\nRAZR is a recently identified ransomware variant that abuses web hosting service called PythonAnywhere for\r\nhosting the malicious binaries. The malware uses AES-256 algorithm for encryption and appends .raz extension to\r\nthe filenames. The ransom note is dropped in form of a text file README.txt in which the attackers also threaten\r\nthat the confidential files have not only been encrypted but also exfiltrated. \r\nSymantec protects you from this threat, identified by the following:\r\nAdaptive-based\r\nACM.Untrst-Bcdedit!g1\r\nBehavior-based\r\nSONAR.ProcHijack!g45\r\nSONAR.Ransomware!g34\r\nSONAR.SuspLaunch!g195\r\nSONAR.TCP!gen1\r\nCarbon Black-based\r\nAssociated malicious indicators are blocked and detected by existing policies within VMware Carbon\r\nBlack products. The recommended policy at a minimum is to block all types of malwares from executing\r\n(Known, Suspect, and PUP) as well as delay execution for cloud scan to get maximum benefit from\r\nVMware Carbon Black Cloud reputation service.\r\nFile-based\r\nDownloader\r\nRansom.Raz\r\nTrojan Horse\r\nTrojan.Gen.MBT\r\nWS.Malware.1\r\nMachine Learning-based\r\nHeur.AdvML.A!300\r\nHeur.AdvML.A!400\r\nHeur.AdvML.A!500\r\nHeur.AdvML.B!100\r\nHeur.AdvML.B!200\r\nhttps://www.broadcom.com/support/security-center/protection-bulletin/razr-ransomware\r\nPage 1 of 2\n\nNetwork-based\r\nSystem Infected: Trojan.Backdoor Activity 634\r\nSystem Infected: Trojan.Backdoor Activity 721\r\nWeb Attack: Webpulse Bad Reputation Domain Request\r\nWeb-based\r\nObserved domains/IPs are covered under security categories in all WebPulse enabled products\r\nSource: https://www.broadcom.com/support/security-center/protection-bulletin/razr-ransomware\r\nhttps://www.broadcom.com/support/security-center/protection-bulletin/razr-ransomware\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.broadcom.com/support/security-center/protection-bulletin/razr-ransomware"
	],
	"report_names": [
		"razr-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434956,
	"ts_updated_at": 1775791217,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/93a3e32d21e1446258b3d42e4fd34a7a9044b181.pdf",
		"text": "https://archive.orkl.eu/93a3e32d21e1446258b3d42e4fd34a7a9044b181.txt",
		"img": "https://archive.orkl.eu/93a3e32d21e1446258b3d42e4fd34a7a9044b181.jpg"
	}
}