Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Sept. 11, 2024, 8:24 a.m.
Description
Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical incidents, and an updated encryptor variant. It anticipates increased Cicada3301 activity.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 11, 2024, 8:08 a.m. | Sept. 11, 2024, 8:08 a.m. | Sept. 11, 2024, 8:24 a.m. |
Indicators
8ec114b29c7f2406809337b6c68ab30b0b7f0d1647829d56125e84662b84ea74
56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7
3969e1a88a063155a6f61b0ca1ac33114c1a39151f3c7dd019084abd30553eab
2d73b3aefcfbb47c1a187ddee7a48a21af7c85eb49cbdcb665db07375e36dc33
0260258f6f083aff71c7549a6364cb05d54dd27f40ca1145e064353dd2a9e983
91.238.181.238
103.42.240.37
http://cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion/
Attack Patterns
Cicada3301
Repellent Scorpius
T1213
T1489
T1486
T1105
T1071
T1563
T1562
T1059
CVE-2024-1709
CVE-2024-1708