ioc · name

power_encryptor.exe

DarkSide encryptor binary name observed across the intrusions Mandiant documented in 'Shining a Light on DARKSIDE' (May 11, 2021) - the public report on the Carbon Spider-aligned RaaS responsible for the Colonial Pipeline shutdown.

family: DarkSide
first seen: May 10, 2021
publisher: Mandiant

source citation