Cisco Talos Intelligence has observed a new threat that aims to steal cryptocurrency or demand ransom payments in cryptocurrency, and has identified two new variants of the recently discovered MortalKombat ransomware family.
REFERENCES: https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/
TAGS: mortalkombat, laplas clipper, xorist, ransomware, clipper bot, bat loader, phishing, cryptocurrency
INDUSTRY: Cryptocurrency
TARGETED COUNTRIES: United States of America, Türkiye, Philippines, United Kingdom of Great Britain and Northern Ireland
MALWARE FAMILIES: Laplas Clipper, MortalKombat
ATT&CK IDS: T1012 - Query Registry, T1021 - Remote Services, T1048 - Exfiltration Over Alternative Protocol, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1064 - Scripting, T1070 - Indicator Removal on Host, T1080 - Taint Shared Content, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1106 - Native API, T1112 - Modify Registry, T1115 - Clipboard Data, T1120 - Peripheral Device Discovery, T1140 - Deobfuscate/Decode Files or Information, T1197 - BITS Jobs, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1496 - Resource Hijacking, T1547 - Boot or Logon Autostart Execution, T1562 - Impair Defenses, T1566 - Phishing