
0apt | RaaS

The group appears unreliable. Most, if not all, of its alleged victims cannot be verified and appear to be randomly selected organizations. WE HAVE DECIDED TO REMOVE ENTRIES FOR THIS GROUP.


Known Locations (1)
Favicon Title Type Available Last Visit Server Info FQDN
favicon 404 - Compromised No 2026-05-22T13:10:47 BaseHTTP 0.6 Python 3.12.3 oaptxiyisljt2kv3we2we34kuudmqda7f2geffoylzpeo7ourhtz4dad.onion

Ransom Notes (1)

Vulnerabilities Exploited (4)
This information is provided by Ransomware-Vulnerability-Matrix
| Vendor | Product | CVE | Source |
| --- | --- | --- | --- |
| Palo Alto Networks | PAN-OS (Edge Firewalls) | CVE-2024-3400 | |
| Ivanti | Ivanti ICS | CVE-2025-22457 | |
| Ivanti | VPN Appliance | CVE-2024-21887 | |
| Oracle | Oracle E-Business Suite (EBS) | CVE-2025-61882 | |

TTPs Matrix (11)
This information is provided by Crocodyli & Ransomware.live
| Initial Access | Execution | Persistence | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Windows Management Instrumentation | Scheduled Task/Job: Scheduled Task | Rootkit | OS Credential Dumping | System Information Discovery | Remote Services: Remote Desktop Protocol | Data from Local System | Exfiltration Over C2 Channel | Application Layer Protocol: Web Protocols | Data Destruction |
| External Remote Services | Command and Scripting Interpreter: PowerShell | Boot or Logon Autostart Execution: Registry Run Keys | Obfuscated Files or Information | OS Credential Dumping: LSASS Memory | File and Directory Discovery | Remote Services: SMB/Windows Admin Shares | Data from Network Shared Drive | Exfiltration Over Web Service | Encrypted Channel | Data Encrypted for Impact |
| Phishing | User Execution: Malicious File | | Masquerading | Credentials from Password Stores | Network Share Discovery | Lateral Tool Transfer | Input Capture | | | Service Stop |
| Phishing: Spearphishing Attachment | | | Process Injection | | Cloud Service Discovery | | Automated Collection | | | Inhibit System Recovery |
| | | | Indicator Removal | | | | Archive Collected Data | | | |
| | | | Deobfuscate/Decode Files or Information | | | | | | | |
| | | | Impair Defenses: Disable or Modify Tools | | | | | | | |
| | | | Hidden Artifacts | | | | | | | |
| | | | Debugger Evasion | | | | | | | |
| | | | Email Spoofing | | | | | | | |
| | | | Delay Execution | | | | | | | |

YARA Rules (1)

Indicators of Compromise (IoCs) (4)
Hash MD5: 4

| Type | IOC |
| --- | --- |
| Hash MD5 | 0f7d721e4e5e2ce0a5c629f2fd4ac572 |
| Hash MD5 | 29144c2f5acd859adf08d42ffcd74f50 |
| Hash MD5 | 370fbcc6711fb983ae4679f02c5ac461 |
| Hash MD5 | fb42dec2c39cd7884ca4cb6b76308f51 |