New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

• Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.


• Talos observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389, using one of their download servers that run an RDP crawler and also facilitates MortalKombat ransomware.


• Based on Talos’ analysis of similarities in code, class name, …

actor campaign cisco cisco talos clipper clipper malware crawler cryptocurrency december desktop download exposed internet laplas laplas clipper machines malware mortalkombat mortalkombat ransomware port protocol ransomware rdp remote desktop remote desktop protocol run scanning servers steal talos threats victim