Stormous
| Active | RaaS
Stormous is an Arabic-speaking, pro-Russian ransomware and hacktivist group active since at least 2022, known for politically motivated attacks across 15+ countries, collaborating with GhostSec on the GhostLocker 2.0 RaaS platform and inheriting GhostSec's RaaS operations in mid-2024.
Victims
174
First Discovered
2022-03-22
victim
Last Discovered
2026-05-13
victim
Inactive Since
8
days
Avg Delay
17.2
days
Infostealer
53.0%
victims with domain
Countries
41
hit
Attack Velocity — Last 12 months
9 victims this month
Known Locations (4)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Database Shop | No | 2026-04-28T07:21:45 |
3slz4povugieoi3tw7sblxoowxhbzxeju427cffsst5fo2tizepwatid.onion
|
|||
|
Stormous _ official Site | No | 2026-04-28T07:24:18 |
h3reihqb2y7woqdary2g3bmk3apgtxuyhx4j2ftovbhe3l5svev7bdyd.onion
|
|||
|
Stormous.Leak | No | 2026-05-21T14:36:56 |
pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion
|
|||
|
StormouS.X BLOG | Official blog | No | 2026-04-28T07:26:54 |
stmxylixiz4atpmkspvhkym4xccjvpcv3v67uh3dze7xwwhtnz4faxid.onion
|
Target
Top 5 Activity Sectors
- Technology 27
- Business Services 25
- Hospitality and Tourism 18
- Manufacturing 16
- Public Sector 13
Top 5 Countries
-
United States
12
-
Spain
11
-
United Arab Emirates
10
-
France
10
-
Brazil
7
Heatmap
TTPs Matrix (14)
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Impact | Resource Development | Reconnaissance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Command and Scripting Interpreter | Scheduled Task/Job | Abuse Elevation Control Mechanism: Bypass UAC | Obfuscated Files or Information | OS Credential Dumping | Network Service Discovery | Remote Services: Remote Desktop Protocol | Data from Local System | Exfiltration Over C2 Channel | Application Layer Protocol: Web Protocols | Data Encrypted for Impact | Obtain Capabilities: Tool | Active Scanning |
| Exploit Public-Facing Application | Command and Scripting Interpreter: Visual Basic | Account Manipulation | Obfuscated Files or Information: Software Packing | File and Directory Discovery | Remote Services: SMB/Windows Admin Shares | Archive Collected Data | Exfiltration Over Web Service: Exfiltration to Cloud Storage | Inhibit System Recovery | |||||
| Trusted Relationship | User Execution: Malicious File | Server Software Component: Web Shell | Obfuscated Files or Information: Fileless Storage | ||||||||||
| Phishing | Create or Modify System Process: Windows Service | Obfuscated Files or Information: Encrypted/Encoded File | |||||||||||
| Phishing: Spearphishing Attachment | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Indicator Removal | |||||||||||
| Impair Defenses: Disable or Modify Tools |
YARA Rules (1)
Victims (174)
$900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interior…
+40G Full Financial Backups (Quickbooks & Reckon)-Email Archives & Staff Personal Folders-Customer/C…
We have gained full control over 700 GB of data, which includes: meticulous compliance audit data, c…
The extracted data comprises administrative and financial records, payroll sheets, and client and pa…
$900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interior…
Financial & Sales Intelligence ، Sales Statistics by Quarter (Q1, Q2, Q3, Q4)، Corporate & Strategic…
Personally Identifiable Information (PII), Electronic Fiscal Documents (CFDI/XML), Financial Trans…
endor & Corporate Data ( Name-Email-Numbers/PMS NAME ), Financial Accounting Records , sales Order R…
We have gained full control over 700 GB of data, which includes: meticulous compliance audit data, c…
Administrative/System Files/ADMIN, DOAS,General operational, administrative records, and potential s…
Project Planning & Execution Documents - AKTUALIS KIVITELI TERVEK (Folder)/ Confidential Contract/Sc…
(Folders/Files) Email/Communication/System/Application Data AYEAPLICACIONES database/Log Data BDATOS…
All of this data is offered for sale (user information: email, phone number, full name, date of birt…
Marjane Group is a Moroccan retail group that owns the Marjane hypermarkets and Marjane Market super…
Personal data (individual names, photos, etc.), company/business data (company names, services, tool…
Sincroslab Sas is a company in Colombia, with a head office in Bogota D.C.. It operates in the Misce…
Vision Inks and Resins Limited ( previously known as Vision Inks & Resins ) is established in May 19…
Plaintext authentication credentials (usernames/passwords)-(full names, dates of birth, gender)-(add…
Health information for 600,000 patients has been accessed from the North Country Health (NCH) care…
Access to Hy-Vee’s environment was obtained through compromised Atlassian accounts, including tools …
Customer names, identification numbers, production orders, client records, delivery tracking data, c…
Data of over +40,000 individuals has been accessed. The data includes email addresses, passwords, da…
Data of 1,000 registered distributors and sellers – employee and customer information – admin login …
User account data (partially hidden emails)
Authentication tokens (OAuth t…
We present a comprehensive leak including full email addresses and password hashes from multiple hig…
A large amount of valid banking card data from various sources – customer information from ID cards,…
Full names of hotel guests a
Email addresses (internal and external)
Customer co…
Full names of hotel guests a
Email addresses (internal and external)
Customer complaints and…
CVs - FACTURES - Hwawei.com - AA GROUPE 2025 - RESERVATION 2025 - PERSONNELS - INFOS - STAGIAIRES ..…
Full reservation databases
Booking platform references (including HeyTripGo…
Full customer reservation databases (names, phones, emails, addresses, booking dates)
Scann…
Full customer reservation databases (names, phones, emails, addresses, booking dates)
Scann…
Full customer reservation databases (names, phones, emails, addresses, booking dates)
Scann…
Internal Data - System Data - 73 Partner Data - Customer Data (Email, Name, Phone Number) - Admin Da…
Data Size: 700GB, Status: ?, Data Type: Because this company receives product design drawings from o…
Data :60GB - Status: ? - Data type: Email operations associated with all employees - attachments inc…
Personal data of students, such as addresses, phone numbers, and more ... Internal correspondence of…
Data Size: 3GB, Status: Leaked, Data Type: Apps - Attachments - Daily Admission Copies - Documents -…
Data Size: 300GB, Status: ?, Data Type: We have extracted more than 300GB of data, which includes s…
THE FULL LEAK OF FRACTAL ID IS HERE ! web.fractal.id
We have extracted over 10GB of DATA from the K…
Data Breach at Ascires Biomedical Group here!
We have extracted over 700 GB of data from the syste…
Bombay grill located at Zagreb, Tkalcieva is one of up coming leading restaurant & Bar. committed to…
Cal-Comp is the largest Electronics Manufacturing Services (EMS) Company in Thailand and Southeast A…
Our activities cover the regulatory, technical, medical, marketing, building and administrative mana…
UFFS is a public federal university located in the southern region of Brazil. It was established to …
"PT Kereta Api Indonesia" is the national railway company in Indonesia, also known as "Kereta Api." …
The PC Market, a computer and hardware store, is the number one choice in Uzbekistan. Pc Market is a…
Comtrade is a dynamic and well-established group of technology companies, with a 30-year track recor…
Zewail City of Science and Technology is a nonprofit, independent institution of learning, research …
VietNam Electricity (EVN) is the largest power company in Vietnam serving more than 19 million custo…
Rajamangala University of Technology Tawan-Ok It is a university of science and technology. Establis…
Trabzon Akabat University was established by Law No. 7141 published in the Official Gazette No. 3042…
Zone Soft is present in more than 30 thousand customers in Portugal, Brazil, Spain, South Africa, Ca…
The Jasper Picture Company is an ideal choice for creating corporate video production content for al…
Ministerio de Cultura de la Republica de Cuba - The triumph of the Cuban Revolution, government cult…
It is the body of the Central State Administration in charge of proposing, and once approved, direct…
Ministry of Energy and Mines . Ministry created on December 3 , 2012 as an agreement of a meeting of…
ngersoll Rand is a global market leader with a broad range of innovative and mission-critical air, f…
creative software agency that specializes in making customized software solutions…
The Sage Partner Network is a vibrant, close-knit partner community focused on winning together. Par…
In 2013, Mare expanded its business and opened the Mare Hotel complex within the same compound. The …
safari travel company in Tanzania, offering unique and adventurous experiences. We are committed to …
We at Nipun impart training and the skill-set that is required to succeed in the Pharma Industry. We…
Cameron Memorial Community Hospital is a 40-bed, critical-access hospital located in Angola, Indiana…
Turvatehnika As is a security and protection company established in Tallinn, Estonia in 1995. Since …
For years, the name Berjaya Clubs has been sparking visions of scenic surroundings, great golfing ex…
Catholic educational establishment located in Blois, Campus La Providence is organized around a voca…
