A recently observed Satan ransomware variant has added exploits to its portfolio and is looking to compromise more machines by targeting additional vulnerabilities. Satan is targeting both Linux and Windows machines and attempts to propagate by exploiting a large number of vulnerabilities. The malware continues to exploit vulnerabilities previously targeted, including JBoss default configuration vulnerability (CVE-2010-0738), Tomcat arbitrary file upload vulnerability (CVE-2017-12615), WebLogic arbitrary file upload vulnerability (CVE-2018-2894), WebLogic WLS component vulnerability (CVE-2017-10271), Windows SMB remote code execution vulnerability (MS17-010), and Spring Data Commons remote code execution vulnerability (CVE-2018-1273). The ransomware developers decided to remove Apache Struts 2 remote code execution vulnerabilities from the list of exploits, for unknown reasons. However, several web application remote code execution exploits were added to the list, and were implemented in both the Linux and Windows versions.