Cactus Ransomware: New strain in the market

    Date: 07/19/2024

    Severity: High

    Summary

    Ransomware has been a persistent threat for years, remaining a top choice for cyber extortion and impacting organizations of all sizes. It acts like a digital kidnapper, locking files and demanding a ransom, and it often gains entry by exploiting software vulnerabilities or human error, such as falling for phishing. A new variant of Cactus Ransomware has emerged, targeting various commercial entities and high-profile victims since March 2023.

    Indicators of Compromise (IOC) List

    IP Address

    163.123.142.213

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address

    dstipaddress IN ("163.123.142.213") or ipaddress IN ("163.123.142.213") or publicipaddress IN ("163.123.142.213") or srcipaddress IN ("163.123.142.213")

    Hash

    md5hash IN ("91acdfd491f3618bdb8d2af77452a760","26f3a62d205004fbc9c76330c1c71536","39fe99d2250954a0d5ed0e9ff9c41d81","d9f15227fefb98ba69d98542fbe7e568")

    Reference:

    https://www.trellix.com/blogs/research/cactus-ransomware-new-strain-in-the-market/
