Nitrogen
| Active
Nitrogen began as a malware loader in 2023 used to deliver BlackCat/ALPHV ransomware, then evolved into a fully independent ransomware operator by mid-2024, operating its own strain derived from leaked Conti 2 builder code and conducting double-extortion attacks primarily linked to Eastern European infrastructure.
Victims
47
First Discovered
2024-09-30
victim
Last Discovered
2026-05-11
victim
Inactive Since
9
days
Avg Delay
189.5
days
Infostealer
25.5%
victims with domain
Countries
9
hit
Attack Velocity — Last 12 months
1 victim this month
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
NitroBlog | No | 2026-05-20T12:43:06 |
nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion
|
|||
|
No | 2026-04-28T07:21:15 |
6lrsxvqscxtznb4fhux5u3vbslbanxjzxzgtokjtfwaitxe4pfgfebad.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 13
- Business Services 11
- Technology 8
- Consumer Services 3
- Hospitality and Tourism 3
Top 5 Countries
-
United States
33
-
Canada
6
-
Portugal
2
-
Taiwan, Province of China
1
-
France
1
Heatmap
Ransom Notes (2)
TTPs Matrix (11)
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Exploitation for Privilege Escalation | Obfuscated Files or Information | OS Credential Dumping: LSASS Memory | System Service Discovery | Remote Services: Remote Desktop Protocol | Automated Collection | Automated Exfiltration | Application Layer Protocol |
| Command and Scripting Interpreter: PowerShell | Scheduled Task/Job: Scheduled Task | System Binary Proxy Execution | Process Discovery | Remote Services: SMB/Windows Admin Shares | Exfiltration Over C2 Channel | Application Layer Protocol: Web Protocols | ||||
| User Execution: Malicious File |
YARA Rules (1)
Indicators of Compromise (IoCs) (11)
Hash MD5
6
tox
5
Victims (47)
One of the leaders in video stream optimization, security, and content monetization. Offers advanced…
DeWalch Technologies, Inc. is a vertically integrated engineering and manufacturing company with ope…
QualiChem, Inc. manufactures some of the most advanced metalworking fluids available in the world.…
The company specializes in the development, engineering, and manufacturing of various components and…
Specializing in instrumental welding (TIG, Micro TIG, MIG), microlaser welding, laser cladding, lase…
A major manufacturer of art materials for professional artists and designers: acrylic paints, oils, …
An American company founded in 1947. It mines and processes sodium bentonite, a natural clay used in…
This is a commercial printing house that deals with design, offset and digital printing.…
Heffner is a family-owned Toyota and Lexus dealership offering a full range of services, including v…
Ocean Edge Resort & Golf Club is a 429-acre resort in Brewster, Cape Cod (Massachusetts) featuring a…
One of the largest importers and distributors of wines and spirits in the U.S. market.…
Sale of new cars of famous brands: Chevrolet, Chrysler, Dodge, Jeep, Ram. Sale of used cars, budget …
Specialising in large multi-functional residential and mixed-use projects, high-rise buildings, reta…
The Coweta County School System (CCSS) is the primary educational organization in Coweta County, Geo…
The corporation operates Class III casino gaming properties in Western New York. Seneca Gaming & Ent…
Stadtwerke Schwerte is a municipal utility company based in Schwerte, Germany. It primarily provides…
M'AR De AR Hotels is a hotel group in Portugal, offering a range of accommodations primarily in the …
Global Media Group (Global Media) is a Portuguese media holding company, owning a portfolio of print…
Sirius is a company that specializes in energy automation, particularly in the management and remote…
Headquartered in Houston, Texas, Kilgore Industries, LP designs, builds and installs HVAC, mechanica…
A Beautiful Pools, based in Texas, specializes in designing, building, and maintaining custom swimmi…
Fireproof Contractors, Inc. specializes in commercial fireproofing, thermal and acoustical insulatio…
Locke Solutions, based in Houston, Texas, is a company that primarily provides construction services…
CW Lighting is a lighting manufacturer representative serving the Houston, Texas area.…
Tejas Office Products is a company based in Houston, Texas, specializing in office supplies and rela…
Mission is a Houston-based corporation providing construction management, design/build, value engine…
SRP Federal Credit Union is a member-owned financial institution that offers a variety of financial …
An internationally-recognized company, Ottawa Valley Handrailing (OVH) has been offering high qualit…
Red Barrels Inc. is a Canadian video game developer based in Montreal. The company was founded by Ph…
Labib Funk + Associates is a design and architecture firm specializing in a variety of projects, inc…
REI specializes in the design and manufacture of electronic test equipment for security applications…
https://www.idealease.com/ Idealease is a leading provider of commercial truck leasing, rental, and …
Control Panels USA is a premier provider of custom control panel solutions, serving a diverse range …
Spectrum Furniture is a leading manufacturer of innovative and high-quality furniture solutions desi…
Magenta Photo is a premier photography company specializing in capturing life's precious moments wit…
Brechbuhler Scales Inc. is a leading provider of weighing solutions, offering a wide range of produc…
