{ "id": "5d1d6bc0-01ea-4485-b65e-5cad712fd4ae", "created_at": "2026-04-06T00:18:25.343598Z", "updated_at": "2026-04-10T13:12:21.872056Z", "deleted_at": null, "sha1_hash": "f78be6b4a2e9bd34c8fd385dda7c0ce21dfe242b", "title": "Snake (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 27896, "plain_text": "Snake (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 12:48:14 UTC\r\nSnake Ransomware is a Golang ransomware reportedly containing obfuscation not typically seen in Golang\r\nransomware. This malware will remove shadow copies and kill processes related to SCADA/ICS devices, virtual\r\nmachines, remote management tools, network management software, and others. After this, encryption of files on\r\nthe device commences, while skipping Windows system folders and various system files. A random 5 character\r\nstring is appended to encrypted files. According to Bleeping Computer, this ransomware takes an especially long\r\ntime to encrypt files on a targeted machine. This ransomware is reported to target an entire network, rather than\r\nindividual workstations.\r\n[TLP:WHITE] win_snake_auto (20201014 | autogenerated rule brought to you by yara-signator)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.snake\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.snake\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.snake" ], "report_names": [ "win.snake" ], "threat_actors": [], "ts_created_at": 1775434705, "ts_updated_at": 1775826741, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f78be6b4a2e9bd34c8fd385dda7c0ce21dfe242b.pdf", "text": "https://archive.orkl.eu/f78be6b4a2e9bd34c8fd385dda7c0ce21dfe242b.txt", "img": "https://archive.orkl.eu/f78be6b4a2e9bd34c8fd385dda7c0ce21dfe242b.jpg" } }