Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

Sept. 11, 2024, 8:24 a.m.

Description

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical incidents, and an updated encryptor variant. It anticipates increased Cicada3301 activity.

Date

  • Created: Sept. 11, 2024, 8:08 a.m.
  • Published: Sept. 11, 2024, 8:08 a.m.
  • Modified: Sept. 11, 2024, 8:24 a.m.

Indicators

Attack Patterns

Linked vulnerabilities