{
	"id": "5febcc2b-00ba-4f04-9f9b-072c6f9a71fc",
	"created_at": "2026-04-06T00:08:35.907376Z",
	"updated_at": "2026-04-10T03:20:45.415934Z",
	"deleted_at": null,
	"sha1_hash": "dd8e4f840700d7cb612cfa09ff85accb54e0aec6",
	"title": "malware-ioc/RagnarLoader at master · prodaft/malware-ioc",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36635,
	"plain_text": "malware-ioc/RagnarLoader at master · prodaft/malware-ioc\r\nBy prodaftcatalyst\r\nArchived: 2026-04-05 15:44:50 UTC\r\nRagnar Loader Indicators of Compromise (IOC)\r\nRagnar Loader, also known as Sardonic, is a sophisticated toolkit of the Monstrous Mantis (a.k.a. Ragnar Locker)\r\nransomware group, which has been inflicting targeted cyberattacks on organizations since its emergence in 2020.\r\nRagnar Loader often referred to as the Ragnar Framework by its affiliates—plays an essential role by establishing\r\npersistent access to compromised systems and ensuring long-term fixation. This loader not only facilitates the\r\ninitial breach but also lays the groundwork for further network takeover and control.\r\nOriginal guide and translation of usage for the loader which includes details about the infrastructure can be read\r\nfrom the links.\r\nReport can be found at Catalyst Platform.\r\nOperational Environment\r\nCommand and Control Servers\r\n104.238.34.209\r\n173.44.141.47\r\n173.44.141.126\r\n173-44-141-47.nip.io\r\n104-238-34-209.nip.io\r\nHashes\r\nSHA256\r\n9e0611913bdf8493fcae353e3fe78c3d01ae43d8aa1fd92940e84934c31b8729\r\n838ad9a8c49660120ccd52d79b9eeaa43ea62eedaa9ae4c1451fb0edce4978ec\r\ndae284f6383b7b59d92947fb79e556582d9a4f5a860846925713093cb9a874fa\r\nSource: https://github.com/prodaft/malware-ioc/tree/master/RagnarLoader\r\nhttps://github.com/prodaft/malware-ioc/tree/master/RagnarLoader\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/prodaft/malware-ioc/tree/master/RagnarLoader"
	],
	"report_names": [
		"RagnarLoader"
	],
	"threat_actors": [],
	"ts_created_at": 1775434115,
	"ts_updated_at": 1775791245,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dd8e4f840700d7cb612cfa09ff85accb54e0aec6.pdf",
		"text": "https://archive.orkl.eu/dd8e4f840700d7cb612cfa09ff85accb54e0aec6.txt",
		"img": "https://archive.orkl.eu/dd8e4f840700d7cb612cfa09ff85accb54e0aec6.jpg"
	}
}