Colddraw

Malware Profile Updated 3 months ago
Colddraw, also known as Cuba and Fidel ransomware, first emerged on the threat landscape in 2019. Over the years it has hit a moderate number of victims, and it marks the files it encrypts so that both the ransomware and its decryptor can identify them. Initial access typically comes through malicious downloads, phishing emails, or compromised websites, often without the victim noticing; the source documents listed on this page also report the operators exploiting a high-severity vulnerability in unpatched Veeam installations. Once inside, the malware can disrupt operations, steal personal information, and hold data hostage for ransom. Its victim list is relatively short, which suggests targets are selected rather than hit indiscriminately. Different vendors track the strain and the group behind it under different names, including ColdDraw, Fidel, and Cuba, and these inconsistent naming conventions make the group harder to track and study. Kaspersky recently detailed the tactics, techniques, and procedures of the group and identified a new alias, "V Is Vendetta," suspected of belonging to a subgroup or affiliate of the original Colddraw operators. This ongoing research highlights how the threat continues to evolve and why continued vigilance is needed.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following overlapping names and profiles may also be relevant.
ID | Votes | Profile Description
Fidel | 2 | Fidel is a form of malware, also known as Fidel ransomware or Colddraw, which is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operation
Cuba Ransomware | 1 | The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 and is also tracked as "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi
Tropical Scorpius | 1 | Tropical Scorpius is a notorious malware, first identified in late 2020, associated with the Cuba ransomware gang. This malicious software has been linked to multiple cybercriminal activities, including disrupting operations, stealing personal information, and holding data hostage for ransom. The ma
V Is Vendetta | 1 | "V is Vendetta" has emerged as a new threat actor, identified in February of this year. This group appears to have connections with the notorious ransomware group known as Cuba (also referred to as COLDDRAW and Tropical Scorpius). The link between these two entities is evident from the fact that V i
Cuba | 1 | The Cuba ransomware, a malicious software active since 2019, has been linked to a series of escalating attacks on US entities and European leaders. The criminal group behind the malware, known by various aliases such as Void Rabisu, UNC2596, Tropical Scorpius, and Storm-0978, has recently targeted w
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
V Is Vendetta | Unspecified | 1 | V is Vendetta is a recently identified threat actor that appears to be associated with the notorious ransomware group known as Cuba (also referred to as COLDDRAW and Tropical Scorpius). The link between the two entities became apparent when it was found that V is Vendetta's website is hosted on the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Colddraw Malware was read from the documents corpus below.
Source | Created At | Title
Securelist | 8 months ago | Kaspersky malware report for Q3 2023
CERT-EU | a year ago | Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
CERT-EU | a year ago | Cuba ransomware gang looking for unpatched Veeam installations: Report | IT World Canada News
CERT-EU | 10 months ago | Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages | National Cyber Security Consulting
CERT-EU | a year ago | Cuba Ransomware Armed with New Weapons to Attack U.S Infrastructure
CERT-EU | a year ago | Cuba ransomware group observed exploiting high-severity Veeam bug