DoDo ransomware was first reported in February 2023. It is a variant of the widely reported and observed Chaos ransomware. Because it is a derivative, DoDo is not considered a new ransomware family. However, a slightly different version of DoDo has recently emerged, described below.

Infection Vector - DoDo ransomware samples carry the "Mercurial Grabber" file icon, which indicates the ransomware was likely distributed disguised as that tool.

Figure 1: File icon of the DoDo ransomware samples

Mercurial Grabber is an open-source malware builder that can generate an infostealer configured to steal information such as Discord tokens, machine information, Windows product keys, and Chrome passwords from victims' machines. It was posted on GitHub on 3 June 2021 with the following disclaimer: "Please do not use the program maliciously. This program is intended to be used for educational purposes only. Mercurial only demonstrates what type of information attackers can grab from a user's computer. This project was created to make it easier for malware analysts or ordinary users to understand how credential grabbing works and can be used for analysis, research, reverse engineering, or review." However, threat actors have been actively using this builder to target victims and steal information with the built-in functions shown in Figure 2, below.

Figure 2: Mercurial Grabber's configuration screen

The latest DoDo ransomware samples have been submitted to a public file scanning service from the following countries:

Older variants were submitted from the following countries: