INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
JadePuffer Malware Targets Ransomware Capabilities
| 2026-07-06 08:30 CRITICAL HIGHExecutive Summary AI-generated
Researchers claim the world's first fully agentic ransomware, JadePuffer, has been unleashed on cloud security firm Sysdig. This adaptive and automated campaign targets an internet-facing Langflow instance by exploiting CVE-2025-3248, encrypting all Nacos service configuration items and deleting originals. The attackers use vulnerability exploitation, reconnaissance, credential harvesting, lateral discovery, persistence, and data destruction to achieve their goal without requiring any operator expertise. JadePuffer highlights the potential of large language models in carrying out ransomware attacks, offering a new detection and triage opportunity for network defenders.
Technical Mitigations AI-generated
* Implement robust least privilege access controls to limit the attack surface and reduce the risk of lateral movement.
* Regularly update and patch internet-facing systems, including operating systems, applications, and services, to prevent exploitation of known vulnerabilities.
* Use multi-factor authentication (MFA) for all users who require elevated privileges or have sensitive data.
* Continuously monitor network traffic and system logs for suspicious activity, and respond promptly to potential threats.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2025-3248CVE-2025-3248
CVE-2021-29441CVE-2021-29441
Target & Sectors
Global Scope
legallegal
defensedefense
Incident Timeline
March 11, 2026
Researchers claimed the JadePuffer ransomware was their first fully agentic variant.
Click on any entity below to view its context and source!
organisation
VirusTotal
The artifact was
uploaded
to the VirusTotal platform on March 11, 2026, and has zero detections across all engines to date.
2026/07/06
JadePuffer attackers used a Telegram bot to forward operator messages to an LLM API endpoint, which then translated the instructions into shell commands.
Click on any entity below to view its context and source!
organisation
JadePuffer
Researchers Claim First Fully Agentic Ransomware: JadePuffer.
The agentic threat actor (ATA) behind the operation has been codenamed JADEPUFFER.
organisation
Ransomware
Four Key Takeaways
Sysdig
claimed
its JadePuffer discovery highlights four things:
Ransomware can be carried out by
LLM agents rather than skilled threat actors.
organisation
CrownX.
The ransomware component has been internally named CrownX.
"The attack began with a spoofed legal document email directing recipients to a password protected archive on Proton Drive," Blackpoint Cyber researchers Nevan Beal and Sam Decker
said
.
organisation
New Avalon
New Avalon Malware Framework Packs CrownX Ransomware Capabilities.
organisation
ATA
The agentic threat actor (ATA) behind the operation has been codenamed JADEPUFFER.
organisation
Sysdig
It then ran “an adaptive and fully automated campaign” which resulted in “a destructive database-extortion playbook against the victim's production database server,” according to Sysdig's Threat Research Team.
organisation
Threat Research Team
It then ran “an adaptive and fully automated campaign” which resulted in “a destructive database-extortion playbook against the victim's production database server,” according to Sysdig's Threat Research Team.
organisation
CVE-2025-3248
The operator "gained initial access to an internet-facing Langflow instance through CVE-2025-3248 and ran an adaptive and fully automated campaign, ultimately pivoting to the intended target and running a destructive database-extortion playbook against the victim's production database server," Sysdig's Michael Clark said.
organisation
LLM
Langflow access via vulnerability exploitation
Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
Local data theft including Langflow's own backing Postgres database
Lateral discovery for services reachable from the Langflow host
MinIO object-store enumeration and credential harvest
Creation of cron job on the Langlow server for persistence
Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
Targeting of Nacos with various payloads including exploitation of CVE-2021-29441
Mass data destruction appears to have been the aim.
"This work introduces an LLM translation layer that replaces shell syntax with plain text.
organisation
Langflow
Langflow access via vulnerability exploitation
Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
Local data theft including Langflow's own backing Postgres database
Lateral discovery for services reachable from the Langflow host
MinIO object-store enumeration and credential harvest
Creation of cron job on the Langlow server for persistence
Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
Targeting of Nacos with various payloads including exploitation of CVE-2021-29441
Mass data destruction appears to have been the aim.
organisation
Postgres
Langflow access via vulnerability exploitation
Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
Local data theft including Langflow's own backing Postgres database
Lateral discovery for services reachable from the Langflow host
MinIO object-store enumeration and credential harvest
Creation of cron job on the Langlow server for persistence
Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
Targeting of Nacos with various payloads including exploitation of CVE-2021-29441
Mass data destruction appears to have been the aim.
organisation
Langlow
Langflow access via vulnerability exploitation
Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
Local data theft including Langflow's own backing Postgres database
Lateral discovery for services reachable from the Langflow host
MinIO object-store enumeration and credential harvest
Creation of cron job on the Langlow server for persistence
Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
Targeting of Nacos with various payloads including exploitation of CVE-2021-29441
Mass data destruction appears to have been the aim.
organisation
Naming and Configuration Service
Langflow access via vulnerability exploitation
Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
Local data theft including Langflow's own backing Postgres database
Lateral discovery for services reachable from the Langflow host
MinIO object-store enumeration and credential harvest
Creation of cron job on the Langlow server for persistence
Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
Targeting of Nacos with various payloads including exploitation of CVE-2021-29441
Mass data destruction appears to have been the aim.
organisation
Nacos
The JadePuffer attackers encrypted all 1342 Nacos service configuration items and deleted the originals.
organisation
AES
“Critically, the AES key was generated as base64(uuid4().bytes + uuid4().bytes), which is essentially random, and printed to stdout but never persisted or transmitted.
organisation
IP
The IP address, 64.20.53[.]230, only appears here with no evidence that anything was backed up to it.”
organisation
Microsoft Defender
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
SentinelOne
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
CrowdStrike
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
Sophos
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
Elastic Endpoint
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
FortiEDR
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
ESET
The malware framework boasts of an extensive defense evasion subsystem that aims to evade detection, while incorporating specific methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
organisation
Avalon
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed
Avalon
that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls.
infrastructure
Windows
"Malicious content was embedded inside an ISO image rather than attached directly, reducing the likelihood of detection at the email layer."
Should the email recipient interact with a document-themed Windows Shortcut ("Secure Document CA-283505.pdf.lnk") inside the mounted image, it triggers a staged malware sequence that culminates in the deployment of Avalon.
The MSBuild project, for its part, loads an embedded .NET assembly, which then interferes with the regular functioning of Event Tracing for Windows (ETW) to reduce forensic visibility and download a next-stage payload over HTTPS responsible for launching Avalon.
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
Encrypt files associated with business operations, software development, engineering, data storage, and virtual infrastructure using Windows
Cryptography API
and deliver a ransom note containing payment instructions and deadline timers that show how much time is left before the ransom amount is increased.
organisation
ISO
"Malicious content was embedded inside an ISO image rather than attached directly, reducing the likelihood of detection at the email layer."
Should the email recipient interact with a document-themed Windows Shortcut ("Secure Document CA-283505.pdf.lnk") inside the mounted image, it triggers a staged malware sequence that culminates in the deployment of Avalon.
organisation
Windows Shortcut
"Malicious content was embedded inside an ISO image rather than attached directly, reducing the likelihood of detection at the email layer."
Should the email recipient interact with a document-themed Windows Shortcut ("Secure Document CA-283505.pdf.lnk") inside the mounted image, it triggers a staged malware sequence that culminates in the deployment of Avalon.
organisation
Event Tracing for
The MSBuild project, for its part, loads an embedded .NET assembly, which then interferes with the regular functioning of Event Tracing for Windows (ETW) to reduce forensic visibility and download a next-stage payload over HTTPS responsible for launching Avalon.
organisation
ETW
The MSBuild project, for its part, loads an embedded .NET assembly, which then interferes with the regular functioning of Event Tracing for Windows (ETW) to reduce forensic visibility and download a next-stage payload over HTTPS responsible for launching Avalon.
organisation
Gather
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
organisation
Phantom
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
organisation
Discord
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
organisation
Slack, Teams
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
organisation
WireGuard
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
organisation
Chromium
The complete set of features built into Avalon is as follows -
Harvest credentials, cookies, history, and bookmarks from Chromium-based browsers and Mozilla Firefox.
organisation
Mozilla Firefox
The complete set of features built into Avalon is as follows -
Harvest credentials, cookies, history, and bookmarks from Chromium-based browsers and Mozilla Firefox.
organisation
Collect
Collect details about SSH known hosts, saved RDP connections, Wi-Fi profiles, and Group Policy Preferences cpassword artifacts.
organisation
SSH
Collect details about SSH known hosts, saved RDP connections, Wi-Fi profiles, and Group Policy Preferences cpassword artifacts.
organisation
RDP
Collect details about SSH known hosts, saved RDP connections, Wi-Fi profiles, and Group Policy Preferences cpassword artifacts.
organisation
API
Once launched, the implant transmits basic details about the compromised system to the attacker's Telegram bot and enters into a command-and-control (C2) loop that polls the bot API every 5 seconds for new messages.
organisation
Telegram
The attacker types plaintext instructions in Telegram," Palo Alto Networks Unit 42
said
.
organisation
Palo Alto Networks Unit
The attacker types plaintext instructions in Telegram," Palo Alto Networks Unit 42
said
.
Tactical Metrics
Metrics
infrastructure
Windows
Affected Product
Click for context!
"Malicious content was embedded inside an ISO image rather than attached directly, reducing the likelihood of detection at the email layer."
Should the email recipient interact with a document-themed Windows Shortcut ("Secure Document CA-283505.pdf.lnk") inside the mounted image, it triggers a staged malware sequence that culminates in the deployment of Avalon.
The MSBuild project, for its part, loads an embedded .NET assembly, which then interferes with the regular functioning of Event Tracing for Windows (ETW) to reduce forensic visibility and download a next-stage payload over HTTPS responsible for launching Avalon.
Gather data from cryptocurrency wallet apps like MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
Encrypt files associated with business operations, software development, engineering, data storage, and virtual infrastructure using Windows
Cryptography API
and deliver a ransom note containing payment instructions and deadline timers that show how much time is left before the ransom amount is increased.
Intelligence Sources
The Hacker News
2026-07-03
Infosecurity-Magazine
2026-07-06
Researchers Claim First Fully Agentic Ransomware: JadePuffer
Infosecurity-Magazine
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-07-06T10:30
Comprehensive Tactical Telemetry
Highly Correlated Entities
42x
organisation
Identified Entity
JadePuffer
entity
6x
tactic
Cyber Operation Type
Ransomware
tactic
4x
tactic
MITRE ATT&CK Technique
T1588.001 - Malware
technique
2x
vulnerability
Exploited CVE
CVE-2021-29441
cve
2x
timeline
Temporal Reference
2021
date
2x
industry
Targeted Sector
Legal
sector
Contextual Telemetry
Context Block
4 METRICS
general metric
Second
31
second
infrastructure
Affected Product
Windows
software
general metric
Seconds
5
seconds
general metric
Palo Alto Networks Unit
42
palo alto networks unit
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.