Cryptone

Malware updated 7 months ago (2024-05-04T19:07:51.929Z)
CryptOne is a Delphi-based crypter, dating back to 2015, that has frequently been used by various malware families such as Gozi, Dridex, NetWalker, and WastedLocker. It is reportedly offered as a Crypter-as-a-Service and is capable of detecting and disabling a list of security software.

CryptOne was initially used by Qakbot, which had its own set of crypters including CryptOne, Quartz, and Quixotic. It has since been adopted by more malware families and variants, suggesting it may be a third-party service. In recent times, former ITG23 actors have also used CryptOne to crypt malware other than Qakbot, including an attack in the fall involving NetSupport and a Vidar infostealer incident from March 2023. The wide range of malware families using CryptOne indicates its versatility and adaptability.

It can infect systems through suspicious downloads, emails, or websites, and once inside it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The Indicators of Compromise (IoCs) related to CryptOne are specifically associated with its use by Evil Corp. A sample crypted by CryptOne, as used by WastedLocker, has been discovered. WastedLocker itself is protected with a custom crypter, referred to as CryptOne by Fox-IT InTELL. Given the broad use of CryptOne across multiple malware families, it is imperative for cybersecurity measures to be updated and reinforced against this persistent threat.
Description last updated: 2023-10-11T03:06:16.347Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| Alias Description | Votes |
| --- | --- |
| WastedLocker is a possible alias for Cryptone. WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utili | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Crypter
Source Document References
Information about the Cryptone Malware was read from the documents corpus below.
| Source Link | CreatedAt |
| --- | --- |
| MITRE | 2 years ago |
| SecurityIntelligence.com | a year ago |