███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

ZCryptor

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

ZCryptor

CATEGORY:

RANSOMWARE

DESCRIPTION:

ZCryptor is a ransomware that spreads via removable drives and encrypts files on infected systems. It was first discovered in 2016 and uses sophisticated propagation techniques to infect multiple systems through USB drives and other removable media.

ALIASES:

zcryptor-ransomware

TAGS:

ransomwarefile_encryptionremovable_drive_spreadusb_propagation

[MUTEX_SIGNATURES](1)

[MUTEX_01]

zcrypt1.0

ANALYST: @adhikara13 DATE: 2024-07-19

REFERENCES:

https://www.helpnetsecurity.com/2016/05/27/zcryptor-ransomware-spreads-via-removable-drives/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2016

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:4

CATEGORY:RANSOMWARE

Malware profile loaded successfully