Rancoz is a ransomware threat actor/gang referenced in reporting on ransomware activity in 2023. In the provided content, Rancoz is specifically associated with use of command and scripting tools and with system information discovery behavior. Picus Security reporting states that Rancoz ransomware enumerates drive types, including DRIVE_REMOTE, to identify targets for encryption, which maps to MITRE ATT&CK System Information Discovery (T1082). Separate reporting also notes Rancoz among ransomware actors that leveraged command and scripting tools, and that the group was observed in Q3 2023 but not in Q4 2023. No additional high-confidence attribution, victimology, sub-groups, or nation-state affiliation is provided in the content. Known alias in the content: rancoz.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 malware family attributed to this actor across reporting.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ransomware group observed in Q3 2023 but not observed in Q4 2023 (per Dragos tracking of industrial-targeting ransomware).
Ransomware using discovery (drive enumeration) to locate files across local/remote drives and network shares for encryption.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.