MegaCortex Defunct
Often deployed alongside LockerGoga. Targeted large enterprises in Europe.47
Total Victims
2019-05-01
First Seen
2020-11-17
Last Seen
0
Known TTPs
6.2d
Avg Delay
0
Negotiations
ONION URLS
vugwmr7rnijqypnx64oocx6xd64xt63u2nqzw4krc5gm7zursxnoqiin.onion
TOOLS
Atera
SharpDPAPI
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| 2020-11-17 | Federal Source Inc. | Malaysia | Media & Entertainment | Published |
| 2020-11-03 | Keystone Place Inc. | United States | Real Estate | Removed |
| 2020-11-02 | Crown & Platinum Freight | Germany | Financial Services | Negotiating |
| 2020-11-02 | Sapphire Comm | Estonia | Government | Published |
| 2020-10-16 | Grand Cast LLC | United States | Financial Services | Published |
| 2020-09-23 | EmpireClinic | United States | Professional Services | Published |
| 2020-09-05 | Lone Star & American Materials | United States | Financial Services | Published |
| 2020-08-14 | Strategic Partners GmbH | France | Government | Published |
| 2020-08-06 | Core & Pro Plus | Australia | Utilities | Removed |
| 2020-08-02 | Atlas Aero LLC | United States | Manufacturing | Published |
| 2020-07-12 | Legacy Digital GmbH | Greece | Financial Services | Removed |
| 2020-07-07 | Willow & Highland Connect | Canada | Healthcare | Published |
| 2020-05-24 | AlphaResources | United States | Construction | Published |
| 2020-05-14 | Sky Enterprises Ltd | France | Construction | Removed |
| 2020-04-20 | Oak Mining Ltd | Singapore | Media & Entertainment | Removed |
| 2020-04-14 | River Systems LLC | United States | Technology | Removed |
| 2020-04-04 | Shield Net Inc. | Japan | Telecommunications | Removed |
| 2020-04-02 | Great Products GmbH | United States | Government | Removed |
| 2020-03-12 | Innovative Networks Ltd | United States | Education | Published |
| 2020-03-04 | East Services GmbH | Ecuador | Telecommunications | Published |
| 2020-02-16 | CoastalInnovations | Germany | Manufacturing | Published |
| 2020-02-14 | Pro & Central Gen | United States | Energy | Published |
| 2020-02-14 | Spectrum Pharma LLC | Saudi Arabia | Manufacturing | Published |
| 2020-02-02 | Innovative Digital GmbH | Hungary | Hospitality | Removed |
| 2020-01-16 | True Mechanical GmbH | Singapore | Financial Services | Removed |
| 2020-01-13 | Harbor Realty GmbH | United States | Agriculture | Removed |
| 2020-01-08 | Lone Star Farm | France | Automotive | Removed |
| 2019-12-23 | Mid Solutions | Netherlands | Manufacturing | Published |
| 2019-12-23 | Heritage Life GmbH | Finland | Technology | Published |
| 2019-12-04 | Universal World Ltd | South Africa | Government | Published |
| 2019-12-02 | RiverWealth | United States | Manufacturing | Published |
| 2019-11-18 | Iron & Continental Cloud | United States | Professional Services | Published |
| 2019-11-16 | NordicSteel | Bulgaria | Government | Published |
| 2019-11-12 | Inland Transport LLC | Luxembourg | Legal | Removed |
| 2019-11-07 | Ridge Pharma | Finland | Education | Published |
| 2019-10-26 | First Chem Ltd | Luxembourg | Healthcare | Published |
| 2019-10-12 | Sterling Web Inc. | Philippines | Construction | Published |
| 2019-09-09 | Pacific Comm GmbH | Romania | Insurance | Published |
| 2019-08-23 | Pro Homes | Portugal | Utilities | Published |
| 2019-08-22 | Ultra & Patriot Mining | Netherlands | Healthcare | Published |
| 2019-07-26 | Wolf Technologies Inc. | United States | Technology | Published |
| 2019-07-15 | Global Info LLC | United States | Automotive | Published |
| 2019-07-03 | Orange Innovation | France | Telecommunications | Removed |
| 2019-06-27 | Inter Defense Ltd | United States | Construction | Published |
| 2019-06-18 | City Intel | France | Financial Services | Published |
| 2019-06-10 | WillowFoods | Spain | Transportation | Removed |
| 2019-05-19 | Summit Mining Inc. | Türkiye | Education | Removed |
No TTPs data
MegaCortex_rule_1
Elastic Security
rule MegaCortex_ransomware_1 {
meta:
description = "Detects MegaCortex ransomware"
author = "RansomwareMonitor"
date = "2026-03-06"
hash = "8023f14969a20df7ca2c25e8a38a10751c9f696626ffe7e46326419a73a38347"
strings:
$r0 = /README\..{3,10}/i
$r1 = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/
$h2 = { D6 D3 51 B3 90 24 11 44 64 DE }
$r3 = /[13][a-km-zA-HJ-NP-Z1-9]{25,34}/
$s4 = "MegaCortex" nocase
condition:
uint16(0) == 0x5A4D and
filesize < 5MB and
4 of them
}
MegaCortex_rule_2
Malpedia
rule MegaCortex_ransomware_2 {
meta:
description = "Detects MegaCortex ransomware"
author = "RansomwareMonitor"
date = "2026-03-06"
hash = "a57230ba3345a98db12df1b29f34ae4ae5b7481bfe06bc45dfb6cd5156cc44f0"
strings:
$h0 = { 5C 34 EF B4 B6 B6 DB C3 6F 4C 76 9C 03 9D B8 05 AA 32 23 11 15 FC 4 }
$s1 = "ChaCha20" nocase
$s2 = "!!!" nocase
$r3 = /README\..{3,10}/i
$h4 = { 0C C9 32 FD D5 79 C2 2F 1B D8 2F 1B 75 F6 EE 3 }
condition:
uint16(0) == 0x5A4D and
filesize < 5MB and
3 of them
}No IoCs
No ransom notes