Search Results
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .crazy (case-insensitive; may appear in all-lower, all-upper, or mixed case—“document.docx.crazy”) Renaming Convention: The ransomware appends the .crazy extension to every encrypted filename, leaves the original base name intact, and does not replace file names with random strings. Example: Quarterly_Report_Q2_2023.xlsx → Quarterly_Report_Q2_2023.xlsx.crazy 2. Detection…
Technical Breakdown – CraxsRAT (a.k.a. “CRAXS” / APT-C-55, developed by CraxSRAT) ⚠️ Important distinction: The strain now being referenced by the encrypted-file extension “.craxsrat” is NOT the Android remote-access trojan (RAT) of the same family. It is a newly-tracked ransomware module that re-uses the brand to mark its encryptions. The two share back-end C2 infrastructure…
Resource: “crashed” Ransomware – Community Threat Brief Technical Breakdown 1. File Extension & Renaming Patterns Confirmed File Extension: .crashed Renaming Convention: Victim files receive a three-part pattern that always ends in .crashed. Example: Annual_Report_2024.pdf → Annual_Report_2024.pdf.id[XXXXXXXX].[[email protected]].crashed The middle token is a 6–8-character hexadecimal victim-ID. The e-mail address is payment/contact information and can change per campaign.…
[This resource is provided purely for educational, defensive, and post-incident recovery purposes. All references to offensive tactics below are based on publicly available threat-intel reports and are intended solely so defenders can recognize, block, and recover from the ransomware—not to replicate any illicit behavior.] Crash Ransomware (.crash) Technical Breakdown 1. File Extension & Renaming Patterns…
Community Security Resource Ransomware Variant: CRAFTUL Last update: 25-Mar-2024 TECHNICAL BREAKDOWN File Extension & Renaming Patterns • Confirmation of File Extension: .craftul (seen in lowercase). • Renaming Convention: …craftul Example → Report.xlsx.4CR2FUHJGL4QU.craftul Detection & Outbreak Timeline • First public appearance: late December 2023 (initial samples uploaded to VT 29-Dec-2023). • Widespread activity: February–March 2024 recruitment…
Technical Breakdown: CRADLECORE Ransomware 1. File Extension & Renaming Patterns Confirmation of File Extension: “.cradlecore” (confirmed as the exclusive final extension, lowercase, no random characters appended). Renaming Convention: • Target files are first recursively enumerated in breadth-first order. • Each file is renamed to the pattern: [original_name]↦[original_extension].cradlecore Example: Project_Q4.xlsx becomes Project_Q4.xlsx.cradlecore. • To protect system…
# Ransomware Profile: CRADLE Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: .cradle (C-R-A-D-L-E appended in lower-case after the original extension). Renaming Convention: photo.jpg → photo.jpg.cradle Budget2024.xlsx → Budget2024.xlsx.cradle No additional prefix or random string is inserted—the file’s original name is preserved, with only the new suffix added immediately after…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: *.crack (lower-case; no dot between original extension and new suffix) Renaming Convention: OriginalName.Extension.crack → e.g., Q1-Reports.xlsx → Q1-Reports.xlsx.crack The malware preserves the original name exactly, appending only the 5-byte .crack. 2. Detection & Outbreak Timeline Approximate First Detection: 22 January 2024 (publicized by…
Technical Breakdown – CRABSLKT Variant 1. File Extension & Renaming Patterns • Confirmation of File Extension: .crabslkt (all lowercase, appended to the original file name after the existing dot-extension; e.g., report.xlsx.crabslkt). • Renaming Convention: – Case-insensitive, never changes the base file name. – Files dropped on network shares receive the same treatment; directories are not…
Technical Breakdown: 1. File Extension & Renaming Patterns Confirmation of File Extension: Files encrypted by the Crabs ransomware are appended with the extension .<8-random-hex-characters>.crabs (example: accounts.xlsx.a1c4e7f9.crabs). Renaming Convention: The malware keeps the original filename and original extension (without the leading dot), appends a random 8-character hex string, then the final “.crabs”. Example transformation: Project-Q4.docx →…