Cryptone

Malware Profile Updated 24 days ago
CryptOne is a Delphi-based crypter, dating back to 2015, that has frequently been used by various malware families such as Gozi, Dridex, NetWalker, and WastedLocker. It is reportedly offered as a crypter-as-a-service and is capable of detecting and disabling a list of security software. It was initially utilized by Qakbot, which had its own set of crypters including CryptOne, Quartz, and Quixotic, but it has since been adopted by more malware families and variants, suggesting it may be a third-party service.

More recently, former ITG23 actors have also used CryptOne to crypt malware other than Qakbot, including an attack in the fall involving NetSupport and a Vidar infostealer incident from March 2023. The wide range of malware families using CryptOne indicates its versatility and adaptability. It can infect systems through suspicious downloads, emails, or websites, and once inside it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The Indicators of Compromise (IoCs) related to CryptOne are specifically associated with its use by Evil Corp. A sample crypted by CryptOne, as used by WastedLocker, has been discovered. WastedLocker itself is protected with a custom crypter, referred to as CryptOne by Fox-IT InTELL. Given the broad application of CryptOne across multiple malware families, it's imperative for cybersecurity measures to be updated and reinforced against this persistent threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
WastedLocker | 2 | WastedLocker is a type of malware developed by the Evil Corp Group, known for its malicious activities. This malware variant was first identified in 2020 and is part of an evolution of ransomware that began with Dridex, followed by DoppelPaymer developed in 2019, and then WastedLocker. The malware i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Crypter
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Cryptone Malware was read from the documents corpus below.
Source | Created At | Title
SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now?
MITRE | a year ago | WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group