Mortalkombat

Malware Profile Updated 3 months ago
MortalKombat is a new ransomware family that was discovered by Talos earlier this year. It was generated by the leaked Xorist ransomware builder, a type of malware that has been in existence since 2016. MortalKombat has been used by an unidentified threat actor since December 2022 to target individuals and smaller companies. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and then encrypts critical system details, rendering the affected system inoperable.

The MortalKombat ransomware is particularly notable for its focus on cryptocurrency wallets, aiming either to steal virtual currency or to demand payments in it. It has been deployed alongside another piece of malware, Laplas Clipper, in a financially motivated campaign. Laplas Clipper is a clipboard stealer designed to trick victims into performing fraudulent cryptocurrency transactions. This dual attack strategy allows the threat actors to extort money from victims by offering a decryptor for the encrypted files while simultaneously hijacking crypto transactions.

The emergence of MortalKombat, along with other new ransomware families like RA Group, RTM Locker, ESXiArgs, and Chaos 4, represents a continued evolution of cyber threats. These malware campaigns have also started to use ZIP archives as a method of deployment, further expanding their potential impact. However, there is some hope for those affected: researchers have released a MortalKombat ransomware decryptor, offering a possible solution to users whose systems have been compromised.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Xorist | 4 | Xorist is a significant threat actor in the cybersecurity landscape, known for its malicious activities involving ransomware attacks. The Xorist ransomware first emerged in 2010 and primarily targets Windows systems. It operates under the Ransomware-as-a-Service (RaaS) model with a builder called "E |
| RTM Locker | 1 | RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Payload
Loader
Wiper
Tool
Phishing
Talos
Fraud
Antivirus
Cisco
Bitdefender
Esxiargs
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mortalkombat Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 8 months ago | Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed |
| CERT-EU | 8 months ago | Outdated Wallets Threatening Billions in Crypto Assets |
| CERT-EU | a year ago | Cyber Security Today, August 9, 2023 – The latest ransomware news, and more \| IT World Canada News |
| BankInfoSecurity | a year ago | Cryptohack Roundup: Hope Finance, Platypus and Coinbase |
| InfoSecurity-magazine | a year ago | Clipboard-Injector Attacks Target Cryptocurrency Users |
| CERT-EU | a year ago | Meet the new Mortal Kombat Ransomware - Cybersecurity Insiders |
| CERT-EU | a year ago | 20th February – Threat Intelligence Report - Check Point Research |
| CERT-EU | a year ago | Hackers deploy malware to attack crypto accounts – Cryptopolitan \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker - National Cyber Security |
| InfoSecurity-magazine | a year ago | GuLoader Targets US Financial Firms With Tax-Themed Phishing Lures |
| CERT-EU | a year ago | Code leaks are causing an influx of new ransomware actors |
| CERT-EU | a year ago | Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year |
| CERT-EU | a year ago | Cyber Criminals Target Crypto Investors with New Malware – Here's What You Need to Know |
| InfoSecurity-magazine | a year ago | Crypto-Stealing Campaign Deploys MortalKombat Ransomware |
| CERT-EU | a year ago | Cryptocurrency users in the US hit by ransomware and Clipper malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security |
| CERT-EU | a year ago | Crypto investors under attack by new malware, reveals Cisco Talos \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security |
| Securityaffairs | a year ago | Bitdefender released free decryptor for MortalKombat Ransomware |
| Bitdefender | a year ago | Bitdefender Releases Decryptor for MortalKombat Ransomware |