ioc[.]one - OSINT Cyber Threat Intelligence Database

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Tags

cmtmf-attack-pattern:	Command-Line Interface
country:	Philippines Poland United Kingdom United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Command-Line Interface - T1605 Data Encrypted For Impact - T1471 Data Encrypted For Impact - T1486 Domains - T1583.001 Domains - T1584.001 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol - T1639.001 File And Directory Discovery - T1420 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Bits Jobs - T1197 Command-Line Interface - T1059 Execution Through Api - T1106 File And Directory Discovery - T1083 Modify Registry - T1112 Peripheral Device Discovery - T1120 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Scheduled Task - T1053 Scripting - T1064 System Information Discovery - T1082 Command-Line Interface Execution Through Api Scripting

Show in Graph

Common Information

Type	Value
UUID	d4e7b84a-796d-418a-b2ad-ed8dc1ec84fd
Fingerprint	a530b8b90c7f8e0d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 14, 2023, 8:02 a.m.
Added to db	Feb. 14, 2023, 2:53 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Cisco Talos Intelligence Blog
Title	New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Detected Hints/Tags/Attributes	102/4/30

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	68	✔	Cisco Talos Blog	https://blog.talosintelligence.com/rss/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	5	coinpayments.net
Details	Domain	74	proton.me
Details	Domain	8	laplas.app
Details	Domain	71	transfer.sh
Details	Domain	5	clipper.guru
Details	Domain	904	snort.org
Details	Email	3	noreply@coinpayments.net
Details	Email	2	hack3dlikeapro@proton.me
Details	File	95	pdf.exe
Details	File	1	e7okc9s3llhad13.exe
Details	File	140	files.txt
Details	File	1	tcobaiszyl.exe
Details	File	2126	cmd.exe
Details	File	6	win.inf
Details	File	3	downloader.vbs
Details	IPv4	3	193.169.255.78
Details	IPv4	13	144.76.136.153
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	80	T1064
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	40	T1197
Details	MITRE ATT&CK Techniques	279	T1060
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	188	T1120
Details	MITRE ATT&CK Techniques	22	T1048.003
Details	MITRE ATT&CK Techniques	472	T1486
Details	Url	1	https://laplas.app