Ironchain CTI Report
ID: b79e3fd5-5d8b-4539-9d97-115a935ce109
STIX ID: report--b79e3fd5-5d8b-4539-9d97-115a935ce109
Threat Score: 92/100
Technical analysis of IronChain 3.0, a Windows x64, PyInstaller-packaged, ransomware-like wiper. It applies an irreversible multi-layer byte-shift before intermittent AES-GCM encryption, generates RSA keys only in memory (never exfiltrated), overwrites the NTFS MFT and BIOS/UEFI boot components, and propagates via SMB/WMI with extensive persistence. The report concludes that recovery is impossible and recommends containment and recovery from backups.
