Trusted Design

CryptXXX Ransomware Learns the Samba, Other New Tricks

概要

This new round of updates means that even if users are able to decrypt their files, whether through an updated third-party tool or by paying the ransom, CryptXXX can still cause significant downtime by encrypting files on network shares. In this post, we also detail for the first time the StillerX module that underlies the information-stealing capabilities in CryptXXX and allows threat actors to sell credentials or launch targeted attacks. Previously, CryptXXX, like many other ransomware infections, copied the layout and design of CryptoWall. With this recent update, they have now created their own template and changed the name of their decryptor to UltraDeCrypter.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

CryptoWall v4 Emerges Days After Cyber Threat Alliance Report (score: 0.72)
CryptXXX: New Ransomware From the Actors Behind Reveton (score: 0.70)
StorageCrypt ransomware, a coinminer and more (score: 0.70)
CRYPTOWALL 4 - THE EVOLUTION CONTINUES (score: 0.68)
CryptoDefense Ransomeware (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

FIN6

Score: 7.77

Matched TTPs:

T1560.003 - Archive via Custom Method
T1036.004 - Masquerade Task or Service
T1566.003 - Spearphishing via Service

MITREへのリンク →

CopyKittens

Score: 3.15

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Mustang Panda

Score: 14.60

Matched TTPs:

T1560.003 - Archive via Custom Method
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Kimsuky

Score: 17.66

Matched TTPs:

T1560.003 - Archive via Custom Method
T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32
T1588.003 - Code Signing Certificates
T1587 - Develop Capabilities
T1078.003 - Local Accounts

MITREへのリンク →

UNC3886

Score: 11.79

Matched TTPs:

T1560.003 - Archive via Custom Method
T1588.001 - Malware
T1036.004 - Masquerade Task or Service
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Lotus Blossom

Score: 3.15

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Lazarus Group

Score: 21.58

Matched TTPs:

T1560.003 - Archive via Custom Method
T1036.004 - Masquerade Task or Service
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1055.001 - Dynamic-link Library Injection
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 15.55

Matched TTPs:

T1608.002 - Upload Tool
T1486 - Data Encrypted for Impact
T1650 - Acquire Access
T1218.014 - MMC

MITREへのリンク →

Threat Group-3390

Score: 11.93

Matched TTPs:

T1608.002 - Upload Tool
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1027.015 - Compression

MITREへのリンク →

LuminousMoth

Score: 5.12

Matched TTPs:

T1588.001 - Malware
T1564.001 - Hidden Files and Directories

MITREへのリンク →

TA2541

Score: 5.61

Matched TTPs:

T1588.001 - Malware
T1027.015 - Compression

MITREへのリンク →

Ember Bear

Score: 3.95

Matched TTPs:

T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Aquatic Panda

Score: 4.55

Matched TTPs:

T1588.001 - Malware
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Andariel

Score: 3.95

Matched TTPs:

T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA505

Score: 7.73

Matched TTPs:

T1588.001 - Malware
T1486 - Data Encrypted for Impact
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

Turla

Score: 14.27

Matched TTPs:

T1588.001 - Malware
T1555.004 - Windows Credential Manager
T1124 - System Time Discovery
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

BackdoorDiplomacy

Score: 7.48

Matched TTPs:

T1588.001 - Malware
T1036.004 - Masquerade Task or Service
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

Scattered Spider

Score: 8.64

Matched TTPs:

T1588.001 - Malware
T1486 - Data Encrypted for Impact
T1136 - Create Account

MITREへのリンク →

FIN7

Score: 12.36

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1486 - Data Encrypted for Impact
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

FIN13

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT32

Score: 11.67

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 11.80

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

BITTER

Score: 3.59

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1203 - Exploitation for Client Execution

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

ZIRCONIUM

Score: 4.69

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

Magic Hound

Score: 6.96

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1486 - Data Encrypted for Impact
T1566.003 - Spearphishing via Service

MITREへのリンク →

Higaisa

Score: 9.33

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery
T1027.015 - Compression

MITREへのリンク →

Storm-0501

Score: 7.18

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1486 - Data Encrypted for Impact
T1218.010 - Regsvr32

MITREへのリンク →

APT41

Score: 5.93

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1486 - Data Encrypted for Impact
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 3.83

Matched TTPs:

T1486 - Data Encrypted for Impact
T1203 - Exploitation for Client Execution

MITREへのリンク →

Storm-1811

Score: 4.86

Matched TTPs:

T1486 - Data Encrypted for Impact
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 6.19

Matched TTPs:

T1486 - Data Encrypted for Impact
T1136 - Create Account

MITREへのリンク →

FIN8

Score: 5.49

Matched TTPs:

T1486 - Data Encrypted for Impact
T1588.003 - Code Signing Certificates

MITREへのリンク →

Moonstone Sleet

Score: 8.71

Matched TTPs:

T1486 - Data Encrypted for Impact
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Leviathan

Score: 10.32

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1055.001 - Dynamic-link Library Injection
T1027.015 - Compression

MITREへのリンク →

Inception

Score: 7.39

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

APT28

Score: 20.52

Matched TTPs:

T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1221 - Template Injection
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1669 - Wi-Fi Networks

MITREへのリンク →

Dragonfly

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 6.68

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Confucius

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 12.91

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection
T1564.001 - Hidden Files and Directories
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

OilRig

Score: 10.79

Matched TTPs:

T1203 - Exploitation for Client Execution
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Gamaredon Group

Score: 6.30

Matched TTPs:

T1221 - Template Injection
T1027.015 - Compression

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1136 - Create Account

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

Contagious Interview

Score: 6.37

Matched TTPs:

T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.78

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1036.004 - Masquerade Task or Service
T1560.003 - Archive via Custom Method
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

APT28

Score: 0.74

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection
T1669 - Wi-Fi Networks
T1564.001 - Hidden Files and Directories
T1498 - Network Denial of Service
T1550.001 - Application Access Token

MITREへのリンク →

Medusa Group

Score: 0.64

Matched TTPs:

T1650 - Acquire Access
T1218.014 - MMC
T1486 - Data Encrypted for Impact
T1608.002 - Upload Tool

MITREへのリンク →

Kimsuky

Score: 0.64

Matched TTPs:

T1588.003 - Code Signing Certificates
T1218.010 - Regsvr32
T1587 - Develop Capabilities
T1036.004 - Masquerade Task or Service
T1560.003 - Archive via Custom Method
T1078.003 - Local Accounts

MITREへのリンク →

Turla

Score: 0.56

Matched TTPs:

T1124 - System Time Discovery
T1055.001 - Dynamic-link Library Injection
T1588.001 - Malware
T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る