Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

Sept. 11, 2024, 8:24 a.m.

Description

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical incidents, and an updated encryptor variant. It anticipates increased Cicada3301 activity.

Date

Published: Sept. 11, 2024, 8:08 a.m.

Created: Sept. 11, 2024, 8:08 a.m.

Modified: Sept. 11, 2024, 8:24 a.m.

Indicators

Attack Patterns

Cicada3301

Repellent Scorpius

T1213

T1489

T1486

T1105

T1071

T1563

T1562

T1059

CVE-2024-1709

CVE-2024-1708