Cargobay

Malware Profile Updated 24 days ago
CargoBay is a family of backdoors and downloaders that has been associated with several ransomware operations, including Quantum, Zeon, and Royal. It was observed in the Quantum ransomware attacks alongside SVCReady, a loader, and both families were protected with the same crypters. The same reporting also links CargoBay to numerous other malicious software, such as Emotet, IcedID, Cobalt Strike, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Canyon, Nokoyawa ransomware, and Black Basta ransomware. Like the other initial-access malware in this cluster, it reaches victims through malicious downloads, email attachments or links, and compromised websites; once installed it can steal personal information, disrupt operations, or hold data hostage for ransom.

More recently, the criminal factions that emerged from the Trickbot/Conti group (tracked by IBM X-Force as ITG23) have likely formed new alliances with other gangs and have tested and deployed new malware such as SVCReady, CargoBay, and Matanbuchus. Crypters such as Hexa and Dave have been deployed on this malware; over the past year the same crypters have appeared on new initial-access and information-stealing malware including SVCReady, CargoBay, Matanbuchus, Pikabot, AresLoader, Vidar, Minodo, and LummaC2 Stealer.

The current landscape differs significantly from the original ITG23: its successors have tested and adopted new malware strains such as SVCReady, CargoBay, and Minodo, and have forged relationships with new actors such as FIN7 and DEV-0569. Similarities with ITG23's activity before Conti's sunset nonetheless suggest that many of the same actors behind these new operations continue to collaborate closely behind the scenes. X-Force has analyzed an ITG23 crypter written in Rust alongside the CargoBay family of backdoors and downloaders, further indicating ongoing cooperation between these cybercriminal groups.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Cargobay malware was read from the documents in the corpus listed below.
Source | Created At | Title
SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now?
SecurityIntelligence.com | a year ago | RansomExx Upgrades to Rust