{
  "name": "Infiltrating the Cicada3301 Ransomware-as-a-Service Group",
  "slug": "infiltrating-the-cicada3301-ransomware-as-a-service-group",
  "description": "This analysis provides an in-depth look into the operations of the Cicada3301 Ransomware-as-a-Service (RaaS) group. It details the workflow of the group's affiliates within its web panel and examines the multi-platform capabilities of the ransomware, which covers Windows, Linux, ESXi, and even uncommon architectures like PowerPC. The group has swiftly targeted numerous organizations across critical sectors within just a few months, with a significant focus on the United States and the United Kingdom. Its sophisticated affiliate program recruits penetration testers and access brokers, offering commissions and a feature-rich web panel. The ransomware employs advanced encryption techniques and aggressive tactics to maximize disruption, making it a formidable threat.",
  "published": "2024-10-18T08:45:06+00:00",
  "created_at": "2024-10-18T08:45:06+00:00",
  "modified_at": "2024-10-18T08:50:52+00:00",
  "created_at_opencti": "2024-10-18T08:45:06+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-10-18",
    "affiliate",
    "cicada3301",
    "encryption",
    "multi-platform",
    "ransomware",
    "sophisticated"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion"
      },
      {
        "id": "",
        "name": "7b3022437b637c44f42741a92c7f7ed251845fd02dda642c0a47fde179bd984e"
      },
      {
        "id": "",
        "name": "078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b"
      },
      {
        "id": "",
        "name": "56e1d092c07322d9dad7d85d773953573cc3294b9e428b3bbbaf935ca4d2f7e7"
      },
      {
        "id": "",
        "name": "3969e1a88a063155a6f61b0ca1ac33114c1a39151f3c7dd019084abd30553eab"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:550e38f8cd8d604b",
        "name": "Cicada3301",
        "slug": "cicada3301"
      }
    ],
    "intrusion_sets": [
      {
        "id": "9166dd37-8827-41a3-9eb9-29048a247afe",
        "name": "Cicada3301",
        "slug": "cicada3301"
      }
    ],
    "attack_patterns": [
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "d9f271ed-7685-4362-b90d-f16a14102f39",
        "name": "T1489"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "4cb4ee3b-b78f-45cf-bcaa-45a2aa968e56",
        "name": "T1570"
      },
      {
        "id": "53c193a7-f726-4bd2-ae88-4019e2604adf",
        "name": "T1046"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United Kingdom of Great Britain and Northern Ireland"
      },
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/67123c32cc8a7e3de6245c16"
  ]
}