- 제출된 URL:
- https://www.ransomware.live/
- 보고서 완료:
링크 · 70개 결과
페이지에서 식별된 외부 링크
| 링크 | 텍스트 |
|---|---|
| https://ransomwarelive.freshdesk.com/support/tickets/new | Contact us |
| https://buymeacoffee.com/ransomwarelive | Support Ransomare.live |
| https://m.ransomware.live | Mobile version |
| https://hudsonrock.com/free-tools/?=ransomwarelive | Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business |
| http://www.idn-inc.com | |
| https://www.Enjoy.Founded | |
| http://www.zoominfo.com/c/billaud-segeba/356790876 | |
| https://www.salesgig.com | |
| https://www.KHKKLOW.com | |
| http://www.brownemcgregor.com |
JavaScript 변수 · 16개 결과
페이지의 창 개체에 로드된 전역 JavaScript 변수는 함수 외부에서 선언된 변수로, 현재 범위 내에서 코드의 어느 부분에서나 액세스할 수 있습니다
| 이름 | 유형 |
|---|---|
| onbeforetoggle | object |
| documentPictureInPicture | object |
| onscrollend | object |
| isMobile | function |
| updateProgressBar | function |
| showUnderConstructionAlert | function |
| handleSearchKeyPress | function |
| animateCounter | function |
| copyTextToClipboard | function |
| getCookie | function |
콘솔 로그 메시지 · 7개 결과
웹 콘솔에 기록된 메시지
| 유형 | 카테고리 | 로그 |
|---|---|---|
| error | other |
|
| error | network |
|
| error | network |
|
| error | network |
|
| error | network |
|
| error | network |
|
| error | network |
|
HTML
페이지의 원시 HTML 본문
<!DOCTYPE html><html lang="en"><head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!--
██████╗ █████╗ ███╗ ██╗███████╗ ██████╗ ███╗ ███╗██╗ ██╗ █████╗ ██████╗ ███████╗ ██╗ ██╗██╗ ██╗███████╗
██╔══██╗██╔══██╗████╗ ██║██╔════╝██╔═══██╗████╗ ████║██║ ██║██╔══██╗██╔══██╗██╔════╝ ██║ ██║██║ ██║██╔════╝
██████╔╝███████║██╔██╗ ██║███████╗██║ ██║██╔████╔██║██║ █╗ ██║███████║██████╔╝█████╗ ██║ ██║██║ ██║█████╗
██╔══██╗██╔══██║██║╚██╗██║╚════██║██║ ██║██║╚██╔╝██║██║███╗██║██╔══██║██╔══██╗██╔══╝ ██║ ██║╚██╗ ██╔╝██╔══╝
██║ ██║██║ ██║██║ ╚████║███████║╚██████╔╝██║ ╚═╝ ██║╚███╔███╔╝██║ ██║██║ ██║███████╗██╗███████╗██║ ╚████╔╝ ███████╗
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝╚══════╝╚═╝ ╚═══╝ ╚══════╝
version 2024-09-NG (Back-to-School Next Generation edition)
by Julien Mousqueton
Contact : @JMousqueton
-->
<meta name="description" content="Ransomware.live tracks & monitors ransomware groups' victims and their activity. It was created by Julien Mousqueton, a security researcher. The website provides information on Ransomware groups, victims, negotiations, and payment demands. It also includes the latest cyberattacks.">
<meta name="keywords" content="ransomware, API, RSS, breach, leak, post, gang, data, tracking, tracker, Monitoring, monitor, victim, group, ransom, ransomwatch, julien, mousqueton, julien mousqueton, CyberSoc, CTI, negotiations, note, soc">
<!-- Open Graph / Facebook -->
<meta property="og:type" content="website">
<meta property="og:url" content="https://www.ransomware.live">
<meta property="og:title" content="Ransomware.live 👀">
<meta property="og:description" content="Ransomware.live tracks ransomware groups and their activity. It was created by Julien Mousqueton, a security researcher. The website provides information on the groups' infrastructure, victims, and payment demands. It also includes a live map that shows the latest ransomware attacks.">
<meta property="og:image" content="https://images.ransomware.live/ransomware.png">
<!-- Twitter -->
<meta property="twitter:card" content="summary_large_image">
<meta property="twitter:url" content="https://www.ransomware.live/">
<meta property="twitter:title" content="Ransomware.live 👀">
<meta property="twitter:description" content="Ransomware.live tracks & monitors ransomware groups' victims and their activity. It was created by Julien Mousqueton, a security researcher. The website provides information on Ransomware groups, victims, negotiations, and payment demands. It also includes the latest cyberattacks.">
<meta property="twitter:image" content="https://images.ransomware.live/ransomware.png">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
<!-- Favicon -->
<link rel="icon" href="/static/favicon.ico" type="image/x-icon">
<!-- Font Awesome -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.6.0/css/all.min.css">
<style>
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
display: flex;
flex-direction: column;
min-height: 100vh;
}
.menu {
width: auto;
background-color: #333;
color: white;
padding: 15px;
height: 100vh;
position: fixed;
top: 0;
left: 0;
}
.menu .logo {
text-align: center;
margin-bottom: 30px;
}
.menu .logo img {
width: 200px;
height: auto;
}
.menu ul {
list-style-type: none;
padding: 0;
line-height: 1.0;
}
.menu ul li {
padding: 10px 0;
}
.menu ul li a {
color: white;
text-decoration: none;
}
.content-wrapper {
margin-left: 240px;
padding: 20px;
width: calc(100% - 300px);
flex: 1;
}
.title {
font-size: 2.5em;
margin-bottom: 20px;
display: flex;
align-items: center;
color: #42B07D
}
.title i {
margin-right: 10px;
font-size: 1.2em;
}
.info-box {
background-color: #e9f5e9;
border: 1px solid #28a745;
padding: 15px;
margin-bottom: 20px;
border-radius: 8px;
color: #28a745;
width: 95%;
}
.info-box a {
color: inherit; /* This keeps the link color the same as the surrounding text */
text-decoration: underline; /* This adds the underline to the link */
}
.content {
display: block;
padding: 20px;
margin: 10px 0;
background-color: #f9f9f9;
border-radius: 8px;
}
.content_victims {
display: flex;
flex-wrap: wrap;
gap: 20px; /* Space between each victim card */
justify-content: flex-start; /* Align items to the left */
padding: 20px;
}
.content_victims h2 {
font-size: 2em;
margin-bottom: 20px;
color: #333;
border-bottom: 2px solid #ddd;
padding-bottom: 10px;
}
.content h2 {
font-size: 2em;
margin-bottom: 20px;
color: #333;
border-bottom: 2px solid #ddd;
padding-bottom: 10px;
}
.victim {
border: 1px solid #ddd;
border-radius: 8px;
margin: 10px;
padding: 15px;
width: 600px;
box-shadow: 0 2px 5px rgba(0,0,0,0.1);
position: relative;
display: flex;
flex-direction: column;
}
.victim h2 {
margin: 0 0 10px 0;
font-size: 1.5em;
}
.flag {
width: 30px;
height: 20px;
position: absolute;
top: 15px;
right: 15px;
}
.details-container {
display: flex;
align-items: flex-start;
margin-bottom: 10px;
}
.details-container img {
width: 150px;
height: 150px;
margin-right: 20px;
border-radius: 8px;
object-fit: cover;
}
.details-content {
flex-grow: 1;
}
.group {
background-color: #28a745;
color: white;
font-weight: bold;
padding: 5px 10px;
border-radius: 15px;
display: inline-block;
margin: 5px 0;
white-space: nowrap;
}
.group_title {
font-weight: bold;
color: #555;
display: inline-block;
margin-right: 5px;
}
.date {
color: #888;
font-size: 0.9em;
}
.sector {
margin-top: 10px;
margin-bottom: 5px;
color: #555;
}
.sector a {
text-decoration: none; /* Removes underline from links */
color: inherit;
}
.bubble {
background-color: #f1f1f1;
border-radius: 20px;
padding: 10px;
margin-top: 5px;
font-size: 0.9em;
}
.subtitle {
font-size: 12px;
}
.icons {
margin-top: auto; /* Pushes icons to the bottom */
font-size: 1.2em;
}
.icons a {
color: inherit; /* Ensures the link color matches the icon color */
text-decoration: none; /* Removes underline from links */
margin-right: 10px;
}
.icons i {
color: #555;
}
.footer {
background-color: #333;
color: white;
text-align: center;
padding: 10px;
font-size: 0.9em;
}
.footer a {
color: #ff9800;
text-decoration: none;
}
.footer a:hover {
text-decoration: underline;
}
/* Popup Styles */
.popup {
display: none;
position: fixed;
z-index: 1000;
left: 0;
top: 0;
width: 100%;
height: 100%;
background-color: rgba(0, 0, 0, 0.7);
justify-content: center;
align-items: center;
}
.popup-content {
position: relative;
background-color: #fff;
padding: 20px;
border-radius: 5px;
box-shadow: 0 0 15px rgba(0, 0, 0, 0.3);
max-width: 90%;
max-height: 90%;
overflow-y: auto;
}
.popup-content img {
max-width: 90%;
max-height: 80vh; /* Limit the height to 80% of the viewport height */
height: auto; /* Maintain aspect ratio */
width: auto; /* Maintain aspect ratio */
display: block;
margin: 0 auto; /* Center the image horizontally */
}
.popup-content .close {
position: absolute;
max-width: 90%;
top: 10px;
right: 10px;
font-size: 35px; /* Increase the font size */
color: #555;
cursor: pointer;
padding: 10px; /* Optional: Add padding to make it easier to click */
line-height: 1; /* Ensure the X is not vertically stretched */
}
.popup-content table {
width: 90%;
border-collapse: separate;
border-spacing: 0;
margin-bottom: 20px;
border-radius: 8px;
overflow: hidden; /* Ensures rounded corners apply to the entire table */
}
.popup-content th, .popup-content td {
padding: 12px 15px;
border: 1px solid #ddd;
text-align: left;
}
.popup-content th {
background-color: #727577;
color: #fff;
text-transform: uppercase;
font-size: 0.9em;
}
/* Back to Top Arrow Styles */
.back-to-top {
position: fixed;
bottom: 20px;
right: 20px;
width: 50px;
height: 50px;
background-color: #333;
color: #fff;
text-align: center;
line-height: 50px;
border-radius: 50%;
cursor: pointer;
display: none; /* Initially hidden */
z-index: 1000;
transition: background-color 0.3s ease;
}
.back-to-top i {
font-size: 20px;
}
.back-to-top:hover {
background-color: #555;
}
/* Floating Help Icon Styles */
.help-icon {
position: fixed;
top: 20px;
right: 20px;
width: 40px;
height: 40px;
background-color: #333;
color: #fff;
text-align: center;
line-height: 40px;
border-radius: 50%;
cursor: pointer;
z-index: 1000;
transition: background-color 0.3s ease;
}
.help-icon i {
font-size: 20px;
}
.help-icon:hover {
background-color: #555;
}
.group-menu {
background-color: #ffffff;
padding: 10px;
border-radius: 5px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
margin-bottom: 30px;
text-align: center;
}
.group-menu .menu-item {
margin: 0 15px;
font-size: 1.1em;
color: #007bff;
text-decoration: none;
transition: color 0.3s ease;
}
.group-menu .menu-item:hover {
color: #0056b3;
}
/* Legend Popup Styles */
.popup-content ul {
list-style: none;
padding-left: 0;
}
.popup-content ul li {
margin: 10px 0;
font-size: 18px;
}
.popup-content ul li i {
margin-right: 10px;
}
.note {
font-size: 0.85em; /* Smaller font size */
font-style: italic; /* Italic text */
color: #555; /* Optional: a subtle color */
margin-top: 15px; /* Space above the note */
}
/* Popup Actions Styles */
.popup-actions {
display: flex;
justify-content: space-between;
margin-top: 20px;
}
.popup-actions button {
padding: 10px 20px;
font-size: 16px;
cursor: pointer;
border: none;
border-radius: 5px;
}
#confirmExternalYes {
background-color: #28a745; /* Green for YES */
color: #fff;
}
#confirmExternalNo {
background-color: #dc3545; /* Red for NO */
color: #fff;
}
.popup-actions button:hover {
opacity: 0.9;
}
/* Help Icon Styles for Popup */
.help-icon-popup {
position: absolute;
top: 10px;
left: 10px; /* Position it on the left */
width: 40px;
height: 40px;
background-color: #007bff; /* Blue background */
color: #fff; /* White question mark */
border-radius: 50%; /* Make it circular */
display: flex;
align-items: center;
justify-content: center;
font-size: 24px; /* Adjust the font size as needed */
cursor: pointer;
}
.help-icon-popup::before {
content: "\f059"; /* Font Awesome question mark icon */
font-family: "Font Awesome 5 Free"; /* Font Awesome font */
font-weight: 900; /* Ensure the icon is solid */
}
.new-icon {
color: #0aed0a; /* Red color for the icon */
font-size: 1.2em; /* Adjust size as needed */
margin-left: 10px; /* Space between name and icon */
}
.group-link {
color: inherit; /* Inherits the color of the parent element */
text-decoration: none; /* Removes the underline */
}
.group-link:hover {
text-decoration: none; /* Ensure no underline on hover */
color: inherit; /* Ensure color doesn't change on hover */
}
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin-bottom: 20px;
border-radius: 8px;
overflow: hidden; /* Ensures rounded corners apply to the entire table */
}
th, td {
padding: 12px 15px;
border: 1px solid #ddd;
text-align: left;
}
th {
background-color: #727577;
color: #fff;
text-transform: uppercase;
font-size: 0.9em;
}
tr:nth-child(even) {
background-color: #f9f9f9;
}
tr:hover {
background-color: #f1f1f1;
}
td a {
color: #007bff;
text-decoration: none;
}
td a:hover {
text-decoration: underline;
}
/* Center the "Available" and "Screenshot" columns */
td.center, th.center {
text-align: center;
}
/* Rounded corners for the first and last rows */
table thead tr:first-child th:first-child {
border-top-left-radius: 8px;
}
table thead tr:first-child th:last-child {
border-top-right-radius: 8px;
}
table tbody tr:last-child td:first-child {
border-bottom-left-radius: 8px;
}
table tbody tr:last-child td:last-child {
border-bottom-right-radius: 8px;
}
.tools-table-container {
width: 90%; /* Set the width to 80% of the container */
margin: 0 auto; /* Center the table horizontally */
}
.search-box {
padding: 8px 12px;
border-radius: 20px;
border: 1px solid #ddd;
font-size: 14px;
margin-right: 20px;
flex-grow: 1; /* Adjust this to control the width */
max-width: 250px; /* Set a maximum width for the search box */
}
#readingProgressBar {
position: fixed;
top: 0;
left: 0;
width: 0%;
height: 5px;
background-color: #42b983;
z-index: 1000;
transition: width 0.25s ease-out;
}
</style>
<title>Ransomware.live - Last ransom claims</title>
<style>
.container {
display: flex;
justify-content: space-between;
align-items: center;
width: 70%;
text-align: center;
}
.column {
flex: 1;
padding: 20px;
font-size: 20px;
text-align: center;
}
.counter {
font-size: 48px;
font-weight: bold;
color: #42B07D; /* Updated counter color */
}
.custom-icon-size {
font-size: 16px; /* Change to the size you prefer */
}
</style>
<!--
<script>
(function() {
var currentHost = window.location.host;
var currentHash = window.location.hash;
// Check if the domain ends with "ransomware.live"
if (currentHash.startsWith("#/") && currentHost.endsWith("ransomware.live")) {
window.location.href = "http://old.ransomware.live/" + currentHash;
}
})();
</script>
-->
</head>
<body>
<script async="" src="https://stats.mousqueton.io/matomo.js"></script><script>
function isMobile() {
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
return /android|webos|iphone|ipad|ipod|blackberry|iemobile|opera mini/i.test(userAgent.toLowerCase());
}
window.onload = function() {
// Get the referrer
const referrer = document.referrer;
// Check if it's a mobile device and not referred from the mobile site
if (isMobile() && (!referrer || !referrer.includes("https://m.ransomware.live"))) {
window.location.href = "https://m.ransomware.live";
}
};
</script>
<!-- Reading Progress Bar -->
<div id="readingProgressBar"></div>
<script>
window.onscroll = function() {
updateProgressBar();
};
function updateProgressBar() {
var winScroll = document.body.scrollTop || document.documentElement.scrollTop;
var height = document.documentElement.scrollHeight - document.documentElement.clientHeight;
var scrolled = (winScroll / height) * 100;
document.getElementById("readingProgressBar").style.width = scrolled + "%";
}
</script>
<!-- Floating Help Icon -->
<a href="#" class="help-icon" title="Legend"><i class="fas fa-question"></i></a>
<script>
// Show or hide the "Back to Top" arrow
window.addEventListener('scroll', function() {
var backToTop = document.querySelector('.back-to-top');
if (window.pageYOffset > 100) { // Show the button after scrolling down 100px
backToTop.style.display = 'block';
} else {
backToTop.style.display = 'none';
}
});
// Scroll smoothly to the top when the arrow is clicked
document.querySelector('.back-to-top').addEventListener('click', function(event) {
event.preventDefault();
window.scrollTo({
top: 0,
behavior: 'smooth'
});
});
</script>
<div class="menu">
<div class="logo">
<a href="/"><img src="https://images.ransomware.live/ransomwarelive.png" alt="Logo"></a>
</div>
<input type="text" class="search-box" placeholder="Search..." onkeypress="handleSearchKeyPress(event)">
<br><br>
<ul>
<li><a href="/"><i class="fa-solid fa-bullseye"></i> Recent victims</a></li>
<li><a href="/cyberattacks"><i class="fa-regular fa-newspaper"></i> Cyberattacks in the press</a></li>
<li><a href="/groups"><i class="fa-solid fa-people-roof"></i> Ransomware Groups</a></li>
<li><a href="/nego"><i class="fa-solid fa-comments-dollar"></i> Negotiation Chats</a></li>
<li><a href="/ransomnotes"><i class="fa-solid fa-note-sticky"></i> Ransom Notes</a></li>
<li><a href="/stats"><i class="fa-solid fa-chart-pie"></i> Statistics</a></li>
<li><a href="/map"><i class="fa-solid fa-earth-europe"></i> Victims by country</a></li>
<li><a href="/cartography"><i class="fa-solid fa-map"></i> Cartography</a></li>
<!-- Intel Dropdown Menu -->
<li class="dropdown">
<a href="javascript:void(0)"><i class="fa-regular fa-lightbulb"></i> Intel</a>
<ul class="submenu">
<li><a href="/tools"><i class="fa-solid fa-screwdriver-wrench"></i> Tools Matrix</a></li>
<li><a href="/vulns"><i class="fa-solid fa-bug"></i> Vuln. Matrix</a></li>
<li><a href="/TTPs"><i class="fa-solid fa-compass-drafting"></i> TTPs</a></li>
<li><a href="/yara"><i class="fas fa-scroll"></i> Yara Rules</a></li>
</ul>
</li>
<li><a href="/api"><i class="fa-solid fa-code"></i> API</a></li>
<li><a href="/about"><i class="fa-solid fa-circle-info"></i> About</a></li>
<li><a href="/disclamer"><i class="fa-solid fa-scale-balanced"></i> Disclaimer</a></li>
<hr>
<li><a href="https://ransomwarelive.freshdesk.com/support/tickets/new" target="_blank"><i class="fa-solid fa-envelope"></i> Contact us</a></li>
</ul>
<style>
/* Basic Styling for Menu */
ul {
list-style-type: none;
padding: 0;
}
li {
margin: 10px 0;
}
/* Styling for the dropdown submenu */
.submenu {
display: none;
list-style-type: none;
padding-left: 20px;
margin-left: 30px; /* Moves the submenu items to the right (tab-like effect) */
}
.dropdown:hover .submenu {
display: block;
}
/* Dropdown Menu Hover Effect */
.dropdown {
cursor: pointer;
}
</style>
<script>
// JavaScript to toggle the submenu
document.querySelectorAll('.dropdown > a').forEach(item => {
item.addEventListener('click', function (e) {
e.preventDefault();
const submenu = this.nextElementSibling;
submenu.style.display = submenu.style.display === 'block' ? 'none' : 'block';
});
});
</script>
<ul>
<li><a href="https://buymeacoffee.com/ransomwarelive" target="_blank"><i class="fa-solid fa-mug-hot" style="color: yellow;"></i> Buy Me a Coffee</a></li>
</ul>
<br>
<ul>
<li><a href="https://m.ransomware.live"><i class="fa-solid fa-mobile-screen" style="color: lightgreen;"></i> Mobile version</a></li>
</ul>
</div>
<script>
function showUnderConstructionAlert() {
alert("This function is under construction.");
}
</script>
<script>
// Handle search input keypress
function handleSearchKeyPress(event) {
if (event.key === 'Enter') {
const query = event.target.value.trim();
if (query) {
window.location.href = `/search/${encodeURIComponent(query)}`;
}
}
}
</script>
<div class="content-wrapper">
<div class="title"><i class="fa-solid fa-bullseye"></i> Last Ransomware victims</div>
<hr>
<div class="container">
<div class="column">
<p><i class="fa-solid fa-people-roof"></i><br>Groups</p>
<div class="counter" id="groupsCounter">228</div>
</div>
<div class="column">
<p><i class="fa-solid fa-bullseye"></i><br>Victims</p>
<div class="counter" id="victimsCounter">15834</div>
</div>
<div class="column">
<p><i class="fa-regular fa-calendar-days"></i><br>Victims this month</p>
<div class="counter" id="victimsThisMonthCounter">24</div>
</div>
<div class="column">
<p><i class="fa-regular fa-calendar-days"></i><br>Victims this year</p>
<div class="counter" id="victimsThisYearCounter">5476</div>
</div>
</div>
<style>
.partner-message {
background: lemonchiffon;
font-size: medium;
padding: 10px;
text-align: center;
}
</style>
<!-- Expired: 2025-05-01 -->
<div class="partner-bar">
<p class="partner-message">Sponsored by <strong>Hudson Rock</strong> – <a href="https://hudsonrock.com/free-tools/?=ransomwarelive" target="_blank">Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business</a> <i class="fa fa-external-link" aria-hidden="true"></i></p>
</div>
</div>
<script>
function animateCounter(id, start, end, duration) {
const element = document.getElementById(id);
let startTime = null;
const step = (timestamp) => {
if (!startTime) startTime = timestamp;
const progress = timestamp - startTime;
const current = Math.min(Math.floor(progress / duration * (end - start) + start), end);
element.textContent = current;
if (progress < duration) {
requestAnimationFrame(step);
}
};
requestAnimationFrame(step);
}
// Animate the counters
animateCounter('groupsCounter', 0, 228, 2000);
animateCounter('victimsCounter', 0, 15834, 2000);
animateCounter('victimsThisMonthCounter', 0, 24, 2000);
animateCounter('victimsThisYearCounter', 0, 5476, 2000);
</script>
<div class="content-wrapper">
<div class="info-box">
This page lists the latest 100 ransom claims detected by <span class="group" style="font-size: 12px;">Ransomware.live</span>. We continously scrape ransomware group sites to detect new victims.
<br><br>
<span class="group" style="font-size: 12px;">Ransomware.live</span> has been tracking ransomware's victims since April 2022.
</div>
<br><br>
<a href="/summary" style="text-decoration:none;"><i class="fa-solid fa-list"></i> View summary page</a>
<br><br>
<div class="content_victims">
<div class="victim" data-discovered="2024-12-03 11:58:00.080406">
<a href="/map/ID"><img src="https://images.ransomware.live/flags/ID.svg" alt="ID flag" title="Indonesia" class="flag"></a>
<h2>IDN<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SUROQHFpbGlu')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.idn-inc.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/qilin" class="group-link">Qilin</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-03 11:58</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-10</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
IDN quietly began out of a desire to protect two families in the event of untimely deaths. In the early 1970s, Al Hoffman and Virl Mullins, both second-generation owner-operators, found themselves in businesses that traditionally needed to be ...
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.idn-inc.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="idn-inc.com" data-thirdparty="0" data-employees="0" data-users="3" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/c3cf911fcc0c3d5816db89db07687b3d.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/qilin" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": ["PCHunter", "PowerTool", "YDArk", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Nmap", "Nping"], "Exfiltration": [], "LOLBAS": [], "Networking": [], "Offsec": ["Cobalt Strike"], "RMM-Tools": [], "group_name": "qilin"}" data-group="qilin" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/qilin#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-03 10:26:40.689767">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Goodwill North Central Texas<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/R29vZHdpbGwgTm9ydGggQ2VudHJhbCBUZXhhc0ByaHlzaWRh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/rhysida" class="group-link">Rhysida</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-03 10:26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Public_Sector">Public Sector</a></div>
</div>
</div>
<div class="bubble">
Goodwill North Central Texas You'll find a lot of personal employee information here, SQL databases with clients payment information. Enjoy.Founded by Methodist Minister Edgar J. Helms in 1902, Goodwill gave people with disabilities and other social barriers the opportunity to find meaningful work. From the beginning, Goodwill's mission has promoted job creation for the disenfranchised.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.Enjoy.Founded" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/rhysida" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["PowerView"], "Exfiltration": ["WinSCP"], "LOLBAS": ["NTDS Utility (ntdsutil)", "PsExec", "Windows Event Utility (wevtutil)", "WMIC"], "Networking": [], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk"], "group_name": "rhysida"}" data-group="rhysida" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/rhysida#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-03 10:15:47.082823">
<a href="/map/IL"><img src="https://images.ransomware.live/flags/IL.svg" alt="IL flag" title="Israel" class="flag"></a>
<h2>Harel Insurance ( Shirbit Server )<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SGFyZWwgSW5zdXJhbmNlICggU2hpcmJpdCBTZXJ2ZXIgKUBoYW5kYWxh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/handala" class="group-link">Handala</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-03 10:15</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
Shirbit was one of the largest insurance companies in the Zionist regime, which provided all cars and insurance for government employees and the Zionist military! This company was purchased by Harel in 2021 and its infrastructure was transferred to the Harel network in an interface-oriented manner! However, the Shirbit proxy server was hacked by Handala…
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/487d44f6298d7348a78dd78c33c8e0f8.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/handala#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-03 06:28:00.889188">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>New Age Micro<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TmV3IEFnZSBNaWNyb0BseW54')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/lynx" class="group-link">Lynx</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-03 06:28</div>
<div class="date"><b>Estimated Attack Date: </b>2024-12-02</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
A distinguished product design firm located in Mansfield, MA, New Age Micro has over 20 years of success delivering design services in the areas of software and firmware development, hardware and mechanical design, simulation, and test. The experience that the team brings spans numerous industries and includes research and development, tool design, and design for manufacturing. Diverse backgrounds at New Age Micro combine to offer a unique perspective and an agile development environment that allows the team to scale to meet the speed and complexity requirements of any project they encounter.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/753515fd03829b8b4a0bc429a9ada3af.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/lynx#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 21:29:30.327578">
<a href="/map/FR"><img src="https://images.ransomware.live/flags/FR.svg" alt="FR flag" title="France" class="flag"></a>
<h2>Billaud Segeba<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QmlsbGF1ZCBTZWdlYmFAcWlsaW4=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.zoominfo.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/qilin" class="group-link">Qilin</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 21:29</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Company has 48 hours to contact us or we will post all data.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.zoominfo.com/c/billaud-segeba/356790876" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="zoominfo.com" data-thirdparty="4" data-employees="1" data-users="6925" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/8f6eb406bccb9691418aa1e68b86b909.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/qilin" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": ["PCHunter", "PowerTool", "YDArk", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Nmap", "Nping"], "Exfiltration": [], "LOLBAS": [], "Networking": [], "Offsec": ["Cobalt Strike"], "RMM-Tools": [], "group_name": "qilin"}" data-group="qilin" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/qilin#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 21:26:51.825080">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Textiles Coated International<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VGV4dGlsZXMgQ29hdGVkIEludGVybmF0aW9uYWxAbHlueA==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/lynx" class="group-link">Lynx</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 21:26</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
TCI (Textiles Coated International) is an American manufacturer of high-performance fluoropolymer films, laminates, and composites. Since 1985, TCI has been continuously manufacturing high-quality fluoropolymer materials designed to perform in the most challenging thermal and chemical environments. TCI is proud to be the only supplier to offer PFA, FEP, ETFE, PVDF, ECTFE, PTFE cast films, and 100% PTFE CrossFilm. TCI's superior material quality has enabled expansion joint manufacturers to engineer successful long-term solutions for fabric expansion joints. Today, TCI is the world's leading manufacturer of high-performance PTFE materials for non-metallic expansion joint manufacturers. As the PTFE experts, TCI has decades of experience helping customers to diagnose and understand the effectiveness of PTFE barrier materials. TCI's product range includes specialty materials such as CrossFilm, a variety of PTFE coated fiberglass fabrics, and other materials engineered for performance in challenging applications.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/19d2ab1920a0ebbba50bbf2fc15bca84.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/lynx#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 21:22:42.099877">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>salesgig.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/c2FsZXNnaWcuY29tQGRhcmt2YXVsdA==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/salesgig.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/darkvault" class="group-link">Darkvault</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 21:22</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Business_Services">Business Services</a></div>
</div>
</div>
<div class="bubble">
SalesGig provides outsourced sales development to support our B2B clients generate leads. We deploy proven outbound strategies to expand reach, open conversations, and set sales meetings.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.salesgig.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/052d609d56a432f3005ef0449e11d226.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/darkvault#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 19:30:25.515402">
<a href="/map/IT"><img src="https://images.ransomware.live/flags/IT.svg" alt="IT flag" title="Italy" class="flag"></a>
<h2>KHKKLOW.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/S0hLS0xPVy5jb21AcmFuc29taHVi')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 19:30</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
[AI generated] I'm sorry, but I couldn't find any information on a company called "KHKKLOW.com." It's possible that it may be a small, lesser-known business or a misspelling. If you have any additional details or context, feel free to provide them, and I can try to assist you further.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.KHKKLOW.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/5d266d64c060fb930ba897418da0e9f2.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 17:29:30.635162">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Browne McGregor Architects<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QnJvd25lIE1jR3JlZ29yIEFyY2hpdGVjdHNAcWlsaW4=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.brownemcgregor.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/qilin" class="group-link">Qilin</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 17:29</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-06</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Browne McGregor Architects is a Houston based architecture firm that was founded in 1995. However, our years of previous architectural work has shaped the firm’s project process, culture, and ultimately, the client experience. We are a mid- ...
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.brownemcgregor.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/e6bac5a6522393386d1563c9cf9751da.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/qilin" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": ["PCHunter", "PowerTool", "YDArk", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Nmap", "Nping"], "Exfiltration": [], "LOLBAS": [], "Networking": [], "Offsec": ["Cobalt Strike"], "RMM-Tools": [], "group_name": "qilin"}" data-group="qilin" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/qilin#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 17:26:16.053636">
<a href="/map/GB"><img src="https://images.ransomware.live/flags/GB.svg" alt="GB flag" title="United Kingdom" class="flag"></a>
<h2>EQ Chartered Accountants<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RVEgQ2hhcnRlcmVkIEFjY291bnRhbnRzQHFpbGlu')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.eqaccountants.co.uk" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/qilin" class="group-link">Qilin</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 17:26</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Business_Services">Business Services</a></div>
</div>
</div>
<div class="bubble">
With over 800 GB of data stolen ( mostly CLIENTS data ) , EQ showed that they dont care about their customers at all . Company has 48 hours to contact us or we will post all data.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.eqaccountants.co.uk" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/5d062465fe105b7b28161c3a0ec37cff.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/qilin" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": ["PCHunter", "PowerTool", "YDArk", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Nmap", "Nping"], "Exfiltration": [], "LOLBAS": [], "Networking": [], "Offsec": ["Cobalt Strike"], "RMM-Tools": [], "group_name": "qilin"}" data-group="qilin" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/qilin#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 17:15:47.179877">
<a href="/map/MX"><img src="https://images.ransomware.live/flags/MX.svg" alt="MX flag" title="Mexico" class="flag"></a>
<h2>G-ONE AUTO PARTS DE MÉXICO, S.A. DE C.V.<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Ry1PTkUgQVVUTyBQQVJUUyBERSBNw4lYSUNPLCBTLkEuIERFIEMuVi5AQnJhaW5DaXBoZXI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/BrainCipher" class="group-link">Braincipher</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 17:15</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
[AI generated] G-ONE Auto Parts de México, S.A. de C.V. is a company based in Mexico specializing in the distribution and sale of automotive parts. It caters to a wide range of vehicles, providing high-quality components and accessories to meet the needs of both individual customers and businesses. The company is known for its commitment to customer satisfaction and reliable service within the automotive industry.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/9e69ea0863845eb4ee1aa7053379497b.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/BrainCipher#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 14:10:40.022579">
<a href="/map/IE"><img src="https://images.ransomware.live/flags/IE.svg" alt="IE flag" title="Ireland" class="flag"></a>
<h2>Conlin's Pharmacy (conlinspharmacy.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q29ubGluJ3MgUGhhcm1hY3kgKGNvbmxpbnNwaGFybWFjeS5jb20pQGZvZw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/fog" class="group-link">Fog</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 14:10</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Healthcare">Healthcare</a></div>
</div>
</div>
<div class="bubble">
10 GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/b0529c8bf7a8ddc7c2bfaf7cbd2ef48a.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Veeam-Get-Creds"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Metasploit"], "RMM-Tools": [], "group_name": "fog"}" data-group="fog" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/fog#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 12:47:37.306822">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Mmaynewagemicro<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TW1heW5ld2FnZW1pY3JvQGx5bng=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/lynx" class="group-link">Lynx</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 12:47</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
A distinguished product design firm located in Mansfield, MA, New Age Micro has over 20 years of success delivering design services in the areas of software and firmware development, hardware and mechanical design, simulation, and test. The experience that the team brings spans numerous industries and includes research and development, tool design, and design for manufacturing. Diverse backgrounds at New Age Micro combine to offer a unique perspective and an agile development environment that allows the team to scale to meet the speed and complexity requirements of any project they encounter.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/753515fd03829b8b4a0bc429a9ada3af.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/lynx#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 09:30:13.745133">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Avico Spice<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QXZpY28gU3BpY2VAbWVkdXNh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/avicospice.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/medusa" class="group-link">Medusa</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 09:30</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Avico Spice is located in New York State. Packers of spices, grated cheese products, fruit and nut products and flavorings. These products are sold in various sizes. The company was previously known as A. Vitagliano & Company, which was established in 1926.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.avicospice.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/72bbbd25492ab0856185a061c041a6f0.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/medusa" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": [], "RMM-Tools": ["ScreenConnect"], "group_name": "medusa"}" data-group="medusa" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/medusa#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 09:29:12.456868">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Down East Granite<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RG93biBFYXN0IEdyYW5pdGVAbWVkdXNh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/medusa" class="group-link">Medusa</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 09:29</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Down East Granite is currently Central Pennsylvania’s fabricator of Granite, Quartz, Corian®, Dekton and Other Natural Stone surfaces. Down East Granite is currently Central Pennsylvania’s fabricator of Granite, Quartz, Corian®, Dekton and Other Natural Stone surfaces.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.downeastgranite.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/0d86ae78aced1cba674ecfbbba739fd4.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/medusa" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": [], "RMM-Tools": ["ScreenConnect"], "group_name": "medusa"}" data-group="medusa" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/medusa#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 09:28:12.322420">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Wiley Metal Fabricating<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/V2lsZXkgTWV0YWwgRmFicmljYXRpbmdAbWVkdXNh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/wileymetal.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/medusa" class="group-link">Medusa</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 09:28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Wiley Metal Fabricating - the company is engaged in the manufacture of sheet and structural metal. Wiley Metal Fabricating corporate office is located in 4589 N Wabash Rd 46952, Marion, Indiana, 46952, United States and has 96 employees.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.wileymetal.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/eb4cc1c56869f342701914f6f51c5a21.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/medusa" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": [], "RMM-Tools": ["ScreenConnect"], "group_name": "medusa"}" data-group="medusa" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/medusa#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-02 01:53:47.086706">
<a href="/map/"><img src="https://images.ransomware.live/flags/.svg" alt=" flag" title="" class="flag"></a>
<h2>NT****st<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TlQqKioqc3RAcmF3b3JsZA==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/raworld" class="group-link">Raworld</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-02 01:53</div>
<p></p>
<div class="sector">Sector: <a href="/activity/"></a></div>
</div>
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/657e3f4755572a2fa952e7fb3f2b2afd.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/raworld#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 21:19:13.847340">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>shapesmfg.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/c2hhcGVzbWZnLmNvbUByYW5zb21odWI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/shapesmfg.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 21:19</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Shapes Manufacturing is a company known for producing high-quality custom cabinetry, countertops, and architectural millwork. They focus on delivering tailored solutions for both residential and commercial projects. With a commitment to craftsmanship and innovation, Shapes Manufacturing uses state-of-the-art technology and skilled artisans to ensure precision and quality in every product they create.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.shapesmfg.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/0afdf79bf796a2923ed5811bcd0f37c8.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 19:46:00.721588">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>everde.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/ZXZlcmRlLmNvbUByYW5zb21odWI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/everde.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 19:46</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Everde.com is an online platform specializing in eco-friendly products and sustainable solutions. The company offers a wide range of environmentally conscious goods, aiming to promote a greener lifestyle. Their product catalog includes items for home, personal care, and outdoor living, all sourced with a focus on reducing environmental impact. Everde.com is committed to fostering sustainability and environmental awareness.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.everde.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/fbd70ff96b1bbe5eb8b380a0eb1a1774.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 19:42:52.603677">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>qualitybillingservice.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/cXVhbGl0eWJpbGxpbmdzZXJ2aWNlLmNvbUByYW5zb21odWI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/qualitybillingservice.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 19:42</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Healthcare">Healthcare</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Quality Billing Service is a company that specializes in providing medical billing services to healthcare providers. They focus on streamlining the billing process to enhance efficiency and ensure accurate claims submission. By offering services like account management, claims processing, and revenue cycle management, they aim to optimize financial performance for medical practices and improve overall revenue recovery.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.qualitybillingservice.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/2a6353a762d6e2d966d135b921394a40.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 19:39:45.719464">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>tascosaofficemachines.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/dGFzY29zYW9mZmljZW1hY2hpbmVzLmNvbUByYW5zb21odWI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/tascosaofficemachines.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 19:39</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Business_Services">Business Services</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Tascosa Office Machines is a company specializing in providing office equipment and supplies. They offer products such as printers, copiers, and fax machines, as well as related services like maintenance and repair. The company focuses on helping businesses optimize their office operations through reliable equipment and support, ensuring efficient workflow and productivity.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.tascosaofficemachines.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/a8cb7f455fdee1144a335dd6fe78610e.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 19:36:37.410225">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>costelloeye.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Y29zdGVsbG9leWUuY29tQHJhbnNvbWh1Yg==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/costelloeye.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 19:36</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Healthcare">Healthcare</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Costelloeye.com is an online retailer specializing in eyewear. The company offers a wide range of products, including prescription glasses, sunglasses, and contact lenses. They focus on providing stylish and affordable eyewear options for customers, featuring various frame styles and lens types to suit different needs. Costelloeye.com emphasizes customer satisfaction and convenient online shopping.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.costelloeye.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/c5b2523f3291f4389c223e885461b1bf.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 17:22:58.545872">
<a href="/map/IE"><img src="https://images.ransomware.live/flags/IE.svg" alt="IE flag" title="Ireland" class="flag"></a>
<h2>McKibbin<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TWNLaWJiaW5AaW5jcmFuc29t')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/incransom" class="group-link">Incransom</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 17:22</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Hospitality_and_Tourism">Hospitality and Tourism</a></div>
</div>
</div>
<div class="bubble">
McKibbin Commercial are one of the leading firms of Chartered Surveyors, Estate Agents & Valuers in Northern Ireland.
The Company was founded in Belfast in 1902 by Frederick McKibbin and we continue to provide a wide range of property services including sales, lettings, valuations, lease renewals, rent reviews and other property consultancy to a wide-ranging clientele to include individual landlords and tenants, businesses, institutions and public sector organizations.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/65e2b7d1aa513dd111b7995722bab93f.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/incransom" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["AdFind", "Advanced IP Scanner"], "Exfiltration": ["MEGA", "Restic", "RClone"], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": [], "RMM-Tools": [], "group_name": "incransom"}" data-group="incransom" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/incransom#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-12-01 08:48:10.493652">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Alpine Ear Nose & Throat<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QWxwaW5lIEVhciBOb3NlICYgVGhyb2F0QGJpYW5saWFu')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/bianlian" class="group-link">Bianlian</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-12-01 08:48</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Healthcare">Healthcare</a></div>
</div>
</div>
<div class="bubble">
Alpine ENT is committed to providing comprehensive, high-quality ear, nose and throat care to the entire family through all stages of life.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/f421fcff4e03ef833ac70ae75ca290b0.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/bianlian" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["RDP Recognizer"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "PingCastle", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": ["MEGA", "RClone"], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Impacket"], "RMM-Tools": ["Atera", "Splashtop", "TeamViewer"], "group_name": "bianlian"}" data-group="bianlian" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/bianlian" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/group/bianlian#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 22:27:17.843042">
<a href="/map/ES"><img src="https://images.ransomware.live/flags/ES.svg" alt="ES flag" title="Spain" class="flag"></a>
<h2>Agencia Tributaria AEAT<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QWdlbmNpYSBUcmlidXRhcmlhIEFFQVRAdHJpbml0eQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.agenciatributaria.es" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/trinity" class="group-link">Trinity</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 22:27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Public_Sector">Public Sector</a></div>
</div>
</div>
<div class="bubble">
560Gb - Revenue: 38$mln - Publication date: 2024-12-31
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.agenciatributaria.es" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="agenciatributaria.es" data-thirdparty="1" data-employees="0" data-users="1" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/cfaa926e2de4ec65bae51ea42c4e7ef8.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/trinity" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="/group/trinity#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:54:46.858813">
<a href="/map/HK"><img src="https://images.ransomware.live/flags/HK.svg" alt="HK flag" title="Hong Kong" class="flag"></a>
<h2>Mobigator Technology Group<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TW9iaWdhdG9yIFRlY2hub2xvZ3kgR3JvdXBAZHJhZ29uZm9yY2U=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.mobigator.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/dragonforce" class="group-link">Dragonforce</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:54</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
MOBIGATOR TECHNOLOGY GROUP is a leading technology management and consulting firm with over 700 professionals globally.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.mobigator.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="mobigator.com" data-thirdparty="0" data-employees="0" data-users="16" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/e65f3404472daa7a84457bba1d250be4.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/dragonforce#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/AT"><img src="https://images.ransomware.live/flags/AT.svg" alt="AT flag" title="Austria" class="flag"></a>
<h2>Bw**********.at<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QncqKioqKioqKioqLmF0QGNsb2Fr')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Country: Austria
Views: 0
Private
122GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Ma************.de<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TWEqKioqKioqKioqKiouZGVAY2xvYWs=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Country: Germany
Views: 0
Private
134GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Or*************.de<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/T3IqKioqKioqKioqKioqLmRlQGNsb2Fr')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Country: Germany
Views: 0
Private
<100GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Uk***********.de<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VWsqKioqKioqKioqKi5kZUBjbG9haw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Country: Germany
Views: 0
Private
<100GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/PE"><img src="https://images.ransomware.live/flags/PE.svg" alt="PE flag" title="Peru" class="flag"></a>
<h2>F************.pe<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RioqKioqKioqKioqKi5wZUBjbG9haw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-16</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
F************.pe
Country: Peru
Private
221GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>don****************.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/ZG9uKioqKioqKioqKioqKioqKi5jb21AY2xvYWs=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-16</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
don****************.com
Country: USA
Private
<100GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Globalresultspr.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/R2xvYmFscmVzdWx0c3ByLmNvbUBjbG9haw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/globalresultspr.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-19</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Telecommunication">Telecommunication</a></div>
</div>
</div>
<div class="bubble">
Globalresultspr.com
Country: USA
Public
123GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.globalresultspr.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/FR"><img src="https://images.ransomware.live/flags/FR.svg" alt="FR flag" title="France" class="flag"></a>
<h2>SCAFF'HOLDING<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/U0NBRkYnSE9MRElOR0BjbG9haw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-06</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/"><img src="https://images.ransomware.live/flags/.svg" alt=" flag" title="" class="flag"></a>
<h2>Glo**************.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/R2xvKioqKioqKioqKioqKiouY29tQGNsb2Fr')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-06</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 19:41:50.725768">
<a href="/map/"><img src="https://images.ransomware.live/flags/.svg" alt=" flag" title="" class="flag"></a>
<h2>o******************v<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/byoqKioqKioqKioqKioqKioqKnZAY2xvYWs=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/cloak" class="group-link">Cloak</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 19:41</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-06</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/group/cloak#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 12:34:00.580025">
<a href="/map/AT"><img src="https://images.ransomware.live/flags/AT.svg" alt="AT flag" title="Austria" class="flag"></a>
<h2>EP:Schuller<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RVA6U2NodWxsZXJAc2FyY29tYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/ep.at" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/sarcoma" class="group-link">Sarcoma</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 12:34</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
EP:Schuller
We are ENERGY STARS for our customers . As a family business, we have been enthusiastically serving our customers for three decades.
Our craft has a history and a future: since 1989 we have combined traditional values with progressive thinking. "Tradition" means that we feel committed and connected to our customers. We work conscientiously, with quality and passion.
Our philosophy has not changed in 30 years. When it comes to progress, however, no stone has been left unturned. We strive to stay on the ball and to constantly develop ourselves and our services. New technologies as well as training and further education are very important to us.
Whether it is a small home building project or a complex large-scale facility: you can rely on us - now and in the future.Geo: Austria - Leak size: 88 GB archive - Contains: Files
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.ep.at" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="ep.at" data-thirdparty="0" data-employees="0" data-users="10" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/sarcoma#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 11:57:06.079893">
<a href="/map/IT"><img src="https://images.ransomware.live/flags/IT.svg" alt="IT flag" title="Italy" class="flag"></a>
<h2>www.sansirostadium.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/d3d3LnNhbnNpcm9zdGFkaXVtLmNvbUBhcHQ3Mw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.sansirostadium.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/apt73" class="group-link">Apt73</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 11:57</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Hospitality_and_Tourism">Hospitality and Tourism</a></div>
</div>
</div>
<div class="bubble">
Italian stadium. Total machines accesses, main stations, footballers' personal data, UEFA personal contact data, big screens control machines.
1 ...
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.sansirostadium.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/29877ca0a49a745d35e405cf68cc3888.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/apt73#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 10:01:02.466945">
<a href="/map/PE"><img src="https://images.ransomware.live/flags/PE.svg" alt="PE flag" title="Peru" class="flag"></a>
<h2>Chema Per<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q2hlbWEgUGVyQHNhcmNvbWE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/chema.com.pe" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/sarcoma" class="group-link">Sarcoma</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 10:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Chema Per
Chema is the leading Peruvian company in additives and products for industry, mining and construction, with more than 43 years of experience.Geo: Peru - Leak size: 60 GB Archive - Contains: Files
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.chema.com.pe" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="chema.com.pe" data-thirdparty="0" data-employees="0" data-users="1" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/sarcoma#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 07:58:15.359031">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>backyarddiscovery.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/YmFja3lhcmRkaXNjb3ZlcnkuY29tQGVtYmFyZ28=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/backyarddiscovery.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/embargo" class="group-link">Embargo</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 07:58</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-29</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Backyard Discovery is built for families. From a child’s first playset to structures that guard the parents’ newest outdoor interests, our products are meant to play a role in families’ lives for years and years.
You can find our dedicated team hard at work in our Pittsburg, KS headquarters and diligently focused at every one of our distribution centers. Each of our innovators and specialists is passionate about helping families enjoy wonderful moments right in their own backyards — and you can see that focus in our high-quality gazebos, pergolas, swing sets, playhouses, and backyard leisure products. - ~1TB of confidential data.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.backyarddiscovery.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="backyarddiscovery.com" data-thirdparty="0" data-employees="0" data-users="40" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/e20d2bc30fab2bd6a4dfe2b69e72e783.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": ["s4killer (Minifilter Driver)"], "DiscoveryEnum": [], "Exfiltration": [], "LOLBAS": ["BCDEdit", "ServiceControl (sc.exe)"], "Networking": [], "Offsec": [], "RMM-Tools": [], "group_name": "embargo"}" data-group="embargo" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/embargo#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-30 03:03:02.669839">
<a href="/map/FI"><img src="https://images.ransomware.live/flags/FI.svg" alt="FI flag" title="Finland" class="flag"></a>
<h2>UATF<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VUFURkBzdG9ybW91cw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/uatf.edu.bo" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/stormous" class="group-link">Stormous</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-30 03:03</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Data Size: ?GB, Status: ?, Data Type: Personal data (names, addresses, phone numbers) - Internal email correspondences - Attachments containing educational and administrative documents - Information on student or employee activities - Contact list for all students, internal messages, and more
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.uatf.edu.bo" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="uatf.edu.bo" data-thirdparty="8" data-employees="27" data-users="2553" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/stormous#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 23:09:27.839109">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Trace3<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VHJhY2UzQHBsYXk=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.trace3.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/play" class="group-link">Play</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 23:09</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
United States
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.trace3.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="trace3.com" data-thirdparty="7" data-employees="0" data-users="11" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/54cf85dd9e7459ae5bbedc3224248fce.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/play" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["GMER", "IOBit", "PowerTool"], "DiscoveryEnum": ["AdFind"], "Exfiltration": ["WinSCP"], "LOLBAS": ["PsExec"], "Networking": ["Plink"], "Offsec": ["Cobalt Strike", "WinPEAS"], "RMM-Tools": [], "group_name": "play"}" data-group="play" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/play#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 23:06:28.112229">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Bendheim<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QmVuZGhlaW1AcGxheQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.bendheim.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/play" class="group-link">Play</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 23:06</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
United States
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.bendheim.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="bendheim.com" data-thirdparty="0" data-employees="0" data-users="26" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/11dd3dc629f73afaaed136a46f0fbf7d.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/play" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["GMER", "IOBit", "PowerTool"], "DiscoveryEnum": ["AdFind"], "Exfiltration": ["WinSCP"], "LOLBAS": ["PsExec"], "Networking": ["Plink"], "Offsec": ["Cobalt Strike", "WinPEAS"], "RMM-Tools": [], "group_name": "play"}" data-group="play" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/play#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 23:03:26.336372">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Specialty Bolt And Screw<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/U3BlY2lhbHR5IEJvbHQgQW5kIFNjcmV3QHBsYXk=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.specialtybolt.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/play" class="group-link">Play</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 23:03</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
United States
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.specialtybolt.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="specialtybolt.com" data-thirdparty="4" data-employees="0" data-users="4" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/d3fd2533471e27ba95351196e465d79a.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/play" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["GMER", "IOBit", "PowerTool"], "DiscoveryEnum": ["AdFind"], "Exfiltration": ["WinSCP"], "LOLBAS": ["PsExec"], "Networking": ["Plink"], "Offsec": ["Cobalt Strike", "WinPEAS"], "RMM-Tools": [], "group_name": "play"}" data-group="play" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/play#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 18:20:45.376696">
<a href="/map/AE"><img src="https://images.ransomware.live/flags/AE.svg" alt="AE flag" title="United Arab Emirates" class="flag"></a>
<h2>www.aras-group.ae<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/d3d3LmFyYXMtZ3JvdXAuYWVAcmFuc29taHVi')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.aras-group.ae" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 18:20</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
[AI generated] Aras Group, based in the UAE, specializes in services such as business setup, management consulting, and corporate advisory. They assist clients with company formation, legal compliance, and strategic planning. Their expertise extends to facilitating business operations in the UAE's dynamic market, ensuring clients receive tailored solutions for their unique needs.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/179e78a3e35ccf0458f46fe40d15bde4.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 14:46:22.709095">
<a href="/map/IT"><img src="https://images.ransomware.live/flags/IT.svg" alt="IT flag" title="Italy" class="flag"></a>
<h2>Horsa<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SG9yc2FAaHVudGVycw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.horsa.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/hunters" class="group-link">Hunters</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 14:46</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Country : Italy - Exfiltraded data : yes - Encrypted data : yes
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.horsa.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="horsa.com" data-thirdparty="0" data-employees="0" data-users="4" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/4d966787a283e9f021f4a7a763f2dc59.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/ttps/hunters" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/group/hunters#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 14:41:01.929782">
<a href="/map/PY"><img src="https://images.ransomware.live/flags/PY.svg" alt="PY flag" title="Paraguay" class="flag"></a>
<h2>www.fpj.com.py<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/d3d3LmZwai5jb20ucHlAYXB0NzM=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.fpj.com.py" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/apt73" class="group-link">Apt73</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 14:41</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
Paraguayan bank. Personal info - 2 GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.fpj.com.py" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="fpj.com.py" data-thirdparty="1" data-employees="5" data-users="17" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/0484e0b6db900cba81def9769648b614.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/apt73#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:03:37.869094">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Weld Racing (weldracing.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/V2VsZCBSYWNpbmcgKHdlbGRyYWNpbmcuY29tKUBmb2c=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/weldracing.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/fog" class="group-link">Fog</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:03</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
10,1 GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.weldracing.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/fd64c044e471b383b713c2bf50c990b6.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Veeam-Get-Creds"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Metasploit"], "RMM-Tools": [], "group_name": "fog"}" data-group="fog" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/fog#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:38.922682">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Colwell Colour (colwellcolour.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q29sd2VsbCBDb2xvdXIgKGNvbHdlbGxjb2xvdXIuY29tKUBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/colwellcolour.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Colwell Colour is located in Kendallville, Indiana. Thi
s organization primarily operates in the Stationery bus
iness / industry within the Wholesale Trade - Nondurabl
e Goods sector.
We are ready to upload more than 6 GB of internal corpo
rate documents including: inside financial documents, c
ustomer and employee contacts, etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:E6C13C82063FEB2E9173F60
B3300F0E65B4B0503&dn=colwellcolour.com&tr=udp://tracker
.openbittorrent.com:80/announce&tr=udp://tracker.opentr
ackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.colwellcolour.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:36.702772">
<a href="/map/GB"><img src="https://images.ransomware.live/flags/GB.svg" alt="GB flag" title="United Kingdom" class="flag"></a>
<h2>Complete Control (complete-control.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q29tcGxldGUgQ29udHJvbCAoY29tcGxldGUtY29udHJvbC5jb20pQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/complete-control.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Complete Control will exceed all expectations of custom
ers by providing clear, concise, cost effective methods
and workmanship while maintaining a safe environment a
t all times.
You will find a lot of internal corporate documents inc
luding: financial documents, customers contacts, compan
y contracts etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives password: companypass
MAGNET URL: magnet:?xt=urn:btih:B4C146828E9160A6D9AD0FA
85D56C6D68C6D15E3&dn=complete-control.com&tr=udp://trac
ker.openbittorrent.com:80/announce&tr=udp://tracker.ope
ntrackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.complete-control.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:33.849845">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Deutsche Industrie VideoSystem<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RGV1dHNjaGUgSW5kdXN0cmllIFZpZGVvU3lzdGVtQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/divis.eu" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<div class="date"><b>Estimated Attack Date: </b>2024-09-30</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Deutsche Industrie Video System develop and distribute
turnkey system solutions for visual consignment trackin
g in freight forwarding and parcel handling as well as
warehouse logistics throughout Europe.
You will find a lot of corporate information including:
financial documents, employee and customer contacts et
c.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:02D8F1B1D2F0F9A9C41A2FC
C8E1C3B0B628E719F&dn=divis.eu&tr=udp://tracker.openbitt
orrent.com:80/announce&tr=udp://tracker.opentrackr.org:
1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.divis.eu" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:31.521379">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Dfa Ny<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RGZhIE55QGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<div class="date"><b>Estimated Attack Date: </b>2024-09-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Dfa Ny LLC is a company that operates in the Apparel &
Accessories Retail industry.
You will find more than 3 GB of insurance documents, in
ternal corporate documents and financial information et
c.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:1082F82C698F5436E5AEB07
734C3628B4D4EE7CF&dn=dfanyllc.com&tr=udp://tracker.open
bittorrent.com:80/announce&tr=udp://tracker.opentrackr.
org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.dfanyllc.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:28.942698">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Cate Equipment<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q2F0ZSBFcXVpcG1lbnRAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/cate.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Cate Equipment Company has been serving the constructio
n, mining & industrial industries throughout the Interm
ountain area since 1938 from our locations in Utah & Id
aho.
You will find a lot of customers contacts with phones a
nd addresses, internal financial documents, inside corp
orate correspondence, personal employee information wit
h phones and passwords etc
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:AAB02FE4BBBDA12A3C0FDE1
D3774F46784F5990C&dn=cate.com&tr=udp://tracker.openbitt
orrent.com:80/announce&tr=udp://tracker.opentrackr.org:
1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.cate.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:26.278507">
<a href="/map/BR"><img src="https://images.ransomware.live/flags/BR.svg" alt="BR flag" title="Brazil" class="flag"></a>
<h2>CAUDURO SPORTS LTDA<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q0FVRFVSTyBTUE9SVFMgTFREQUBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<div class="date"><b>Estimated Attack Date: </b>2024-10-17</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
CAUDURO SPORTS main focus of activity is the manufactur
e of clothing items, except underwear and custom-made c
lothing
You will find a lot of customer contacts, employee cont
acts with phones and emails, internal financial documen
ts etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:04627FE63BC9D2B490BC065
4B0AF5D29DEE30867&dn=cauduro.net&tr=udp://tracker.openb
ittorrent.com:80/announce&tr=udp://tracker.opentrackr.o
rg:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.cauduro.net" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:23.951292">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Corman Leigh<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q29ybWFuIExlaWdoQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/cormanleigh.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<div class="date"><b>Estimated Attack Date: </b>2024-10-18</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Corman Leigh is a residential and commercial property i
nvestment firm that seeks out strategic real estate opp
ortunities.
You will find many internal financial documents, custom
er phone numbers, emails and addresses, internal exchan
ge agreements, etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:CB1CD6C157283A0637C6121
C30F28F05BCB2E00A&dn=cormanleigh.com&tr=udp://tracker.o
penbittorrent.com:80/announce&tr=udp://tracker.opentrac
kr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.cormanleigh.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:21.274579">
<a href="/map/GR"><img src="https://images.ransomware.live/flags/GR.svg" alt="GR flag" title="Greece" class="flag"></a>
<h2>Ilvief<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SWx2aWVmQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/ilvief.gr" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Ilvief is considered an expert in the areas of power di
stribution, power plant electrical installation, indust
rial automation and control.
You will find a lot of internal financial documents, in
side corporate documentations, customer contacts etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives password: ilvief.gr
MAGNET URL: magnet:?xt=urn:btih:98B70D97CA9F9E3D1E0F984
CC18101027924F607&dn=ilvief.gr&tr=udp://tracker.openbit
torrent.com:80/announce&tr=udp://tracker.opentrackr.org
:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.ilvief.gr" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:18.344893">
<a href="/map/AT"><img src="https://images.ransomware.live/flags/AT.svg" alt="AT flag" title="Austria" class="flag"></a>
<h2>Zillertal Bier<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/WmlsbGVydGFsIEJpZXJAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/zillertal-bier.at" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Zillertal Bier is the brand and home for beer culture a
nd drinking pleasure in Tyrol.
You will find a lot of customer contacts, internal fina
ncial documents etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:46981123C0FC35B9A92D8F4
6AE60396A4B32EBC0&dn=zillertal-bier.at&tr=udp://tracker
.openbittorrent.com:80/announce&tr=udp://tracker.opentr
ackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.zillertal-bier.at" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:15.739898">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Lucid Corp<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/THVjaWQgQ29ycEBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/lucidcorp.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Lucid Corp LLC manufactures custom plastic solutions wi
th a focus on sustainable and traceable packaging.
You will find a lot of inside corporate correspondence,
internal financial documents and employees contacts.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:3F2E07DD43E2B6D644F149A
EADF32CEFBA64C4B8&dn=lucidcorp.com&tr=udp://tracker.ope
nbittorrent.com:80/announce&tr=udp://tracker.opentrackr
.org:1337/announce
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.lucidcorp.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:12.947805">
<a href="/map/JP"><img src="https://images.ransomware.live/flags/JP.svg" alt="JP flag" title="Japan" class="flag"></a>
<h2>Rengo Packaging<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/UmVuZ28gUGFja2FnaW5nQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/rengopackaging.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Rengo Packaging manufactures and distributes corrugated
packaging products.
You will find a lot of internal financial information,
insurance documents, customer contacts, tax identificat
ion numbers, governments contacts etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:11298184BBDDE57AF8CD5B6
3684BCDCF16D9BEE4&dn=rengopackaging.com&tr=udp://tracke
r.openbittorrent.com:80/announce&tr=udp://tracker.opent
rackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.rengopackaging.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:08.397452">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Lotus Concepts Management<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TG90dXMgQ29uY2VwdHMgTWFuYWdlbWVudEBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/lotusconceptsmgmt.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Hospitality_and_Tourism">Hospitality and Tourism</a></div>
</div>
</div>
<div class="bubble">
Lotus Concepts is Denver's premier restaurant and night
life group specializing in hospitality, operations, ent
ertainment and real estate.
You will find a lot of personal employees data with med
ical documents, internal financial documentation, custo
mer contacts etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:5E7C678374CEE15C24AD0CA
9900308B0F20ABDCE&dn=lotusconceptsmgmt.com&tr=udp://tra
cker.openbittorrent.com:80/announce&tr=udp://tracker.op
entrackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.lotusconceptsmgmt.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:05.491013">
<a href="/map/AU"><img src="https://images.ransomware.live/flags/AU.svg" alt="AU flag" title="Australia" class="flag"></a>
<h2>4QuartersIT<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/NFF1YXJ0ZXJzSVRAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/4quartersit.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
4QuartersIT is a custom software and IT services compan
y headquartered in Jacksonville, Florida.
You will find a lot of employee and customer contacts,
internal financial documents etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:E900DD0A3D8D431F8BA876C
4A2A0AB3229F1294F&dn=4quartersit.com&tr=udp://tracker.o
penbittorrent.com:80/announce&tr=udp://tracker.opentrac
kr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.4quartersit.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:01:02.495436">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Snelling Paper & Sanitation<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/U25lbGxpbmcgUGFwZXIgJiBTYW5pdGF0aW9uQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/snellingpaper.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:01</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Snelling Paper & Sanitation provides high quality food
service packaging, janitorial/sanitation supplies and
industrial packaging products. Our reputation has been
built on prompt and efficient service and our unwaverin
g commitment to excellence for more than 100 years.
You will find a lot of employees contact information, c
ustomer contacts, internal financial documentation etc
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:74A6F84B7C0D5D53BDB34F2
FE19E7D1D3A88F744&dn=snellingpaper.com&tr=udp://tracker
.openbittorrent.com:80/announce&tr=udp://tracker.opentr
ackr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.snellingpaper.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:59.573025">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Magguilli Law Firm,PPLC<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TWFnZ3VpbGxpIExhdyBGaXJtLFBQTENAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/magguillilaw.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Lawrence P. Magguilli is the managing member of the Mag
guilli Law Firm, PLLC and concentrates his practice in
the areas of creditors’ rights litigation, debt collect
ion and judgment enforcement.
We have some financial corporate data, medical document
s etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:3920F718FF5C373CB92A05D
6B34178E3AA3E030B&dn=magguillilaw.com&tr=udp://tracker.
openbittorrent.com:80/announce&tr=udp://tracker.opentra
ckr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.magguillilaw.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:56.832980">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Turf Paradise<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VHVyZiBQYXJhZGlzZUBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/turfparadise.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Hospitality_and_Tourism">Hospitality and Tourism</a></div>
</div>
</div>
<div class="bubble">
Turf Paradise is a horse racetrack located in Phoenix,
Arizona since 1956. Live race season is from October Ma
y.
You will find a lot of personal employees data with con
tact information.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:75C0B2C1D7E2A4F33FB31EB
6CA8FBFFA53785775&dn=turfparadise.com&tr=udp://tracker.
openbittorrent.com:80/announce&tr=udp://tracker.opentra
ckr.org:1337/announce&tr=wss://wstracker.online
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.turfparadise.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:30.885237">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Tillamook Country Smoker (tcsmoker.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VGlsbGFtb29rIENvdW50cnkgU21va2VyICh0Y3Ntb2tlci5jb20pQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Tillamook Country Smoker (TCS) is a long-standing producer of hig
h-quality beef jerky and meat sticks distributed primarily throug
h grocery, convenience mass, specialty and e-commerce channels.
We are ready to upload more than 14 GB of internal corporate docu
ments including: SSNs, inside financial and medical information,
employee contact phones and emails, etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.tcsmoker.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:27.903771">
<a href="/map/CZ"><img src="https://images.ransomware.live/flags/CZ.svg" alt="CZ flag" title="Czechia" class="flag"></a>
<h2>Pražské služby<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/UHJhxb5za8OpIHNsdcW+YnlAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/psas.cz" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Public_Sector">Public Sector</a></div>
</div>
</div>
<div class="bubble">
Pražské služby is a the main operator of the municipal system of
comprehensive collection, sorting and utilization of waste.
We are ready to upload a lot of NDAs, employees contacts, interna
l financial documents etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.psas.cz" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:24.870455">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Packard Machinery<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/UGFja2FyZCBNYWNoaW5lcnlAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/packardmachinery.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Packard Machinery Co. is a premier distributor of both high end a
nd economy class equipment. With a full compliment of Sales, Serv
ice, Parts & Applications
We are ready to upload more than 25 GB of internal corporate docu
ments including: inside financial information, customer and emplo
yee contacts personal phones and emails, NDAs etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.packardmachinery.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:21.238490">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Brookway Landscape &Irrigation<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QnJvb2t3YXkgTGFuZHNjYXBlICZJcnJpZ2F0aW9uQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Brookway Landscape & Irrigation (Brookway Horticultural Services)
is a local, family-owned and operated landscaping company operat
ing throughout Texas.
You will find a lot of internal financial documents, customer con
tacts, personal employees information, NDAs etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:18.632698">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Aviosupport<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QXZpb3N1cHBvcnRAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/aviosupport.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Transportation-Logistics">Transportation/Logistics</a></div>
</div>
</div>
<div class="bubble">
Aviosupport is a leader in the global distribution of aircraft sp
are parts to the commercial aerospace industry.
We are ready to upload a lot of internal corporate documents incl
uding: NDAs, insurance documents, customer contacts, employees c
ontact with family info and many others data.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.aviosupport.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="aviosupport.com" data-thirdparty="0" data-employees="0" data-users="2" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:15.649927">
<a href="/map/CA"><img src="https://images.ransomware.live/flags/CA.svg" alt="CA flag" title="Canada" class="flag"></a>
<h2>Co-op Agro Centre<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q28tb3AgQWdybyBDZW50cmVAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/agro.crs" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Co-op Agro Centre is a company that operates in the Home Improvem
ent & Hardware Retail industry.
We are ready to upload more than 50 GB of internal corporate docu
ments including: employee medical documents, personal employments
data with SSN and SIN, and some internal confidential documents.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.agro.crs" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:12.997523">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Bennett Porter Wealth Management Insurance<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QmVubmV0dCBQb3J0ZXIgV2VhbHRoIE1hbmFnZW1lbnQgSW5zdXJhbmNlQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/bennettandporter.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-27</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
Bennett & Porter is designed to operate as a "multi-family office
" model; offering a breadth of services that allow individuals, f
amilies and businesses to have a single point-of-contact for all
their wealth management and insurance needs.
We are ready to upload more than 50 GB of internal corporate docu
ments including: inside financial information, customer contacts,
personal employees data and SSNs..
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.bennettandporter.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
|
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:09.965418">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Wadsworth Solutions<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/V2Fkc3dvcnRoIFNvbHV0aW9uc0Bha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Wadsworth Solutions, founded in 1944 and located in Northern Ohio
and Southeastern Michigan represents LG Air Conditioning Technol
ogies along with Schneider Electric and over 40 other HVAC relate
d lines.
We are ready to upload a lot of internal corporate documents incl
uding: employee and customer contact phones and emails, inside fi
nancial documents, credit card numbers etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 13:00:01.903226">
<a href="/map/GB"><img src="https://images.ransomware.live/flags/GB.svg" alt="GB flag" title="United Kingdom" class="flag"></a>
<h2>AMI Consulting Engineers<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QU1JIENvbnN1bHRpbmcgRW5naW5lZXJzQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 13:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
AMI is driving innovation in Ports & Harbors, Coastal & Riverine,
Waterfronts & Marinas, Dams & Levees, Buildings, and Industrial
Facilities.
We are ready to upload more than 30 GB of internal corporate docu
ments including: NDAs, human resources info, confidential agreeme
nts, SSNs, personal medical documents etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:58.645302">
<a href="/map/CA"><img src="https://images.ransomware.live/flags/CA.svg" alt="CA flag" title="Canada" class="flag"></a>
<h2>HTT Packaging & Design<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SFRUIFBhY2thZ2luZyAmIERlc2lnbkBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
HTT Packaging & Design offers contract manufacturing for cosmetic
and personal care flexible packaging, including single-serve sti
ck packs.
We are ready to upload a lot of internal corporate documents incl
uding: SSNs, employee and customer contact phones and emails, NDA
s, etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:55.764340">
<a href="/map/CO"><img src="https://images.ransomware.live/flags/CO.svg" alt="CO flag" title="Colombia" class="flag"></a>
<h2>Thomas Greg & Sons Ltda<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VGhvbWFzIEdyZWcgJiBTb25zIEx0ZGFAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Thomas Greg & Sons Ltda is a company that operates in the Plastic
, Packaging & Containers industry.
We are ready to upload a lot of internal financial documents, emp
loyees medical documents and contacts, customer contacts and corr
espondences etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:53.056679">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Sanderson Stewart<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/U2FuZGVyc29uIFN0ZXdhcnRAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-26</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Sanderson Stewart make: Infrastructure Engineering Surveying Ma
pping Community Planning Placemaking Landscape Architecture Const
ruction Administration Inspection Branding Visualization
We are ready to upload a lot of internal corporate documents incl
uding: inside financial information, customer and employee contac
t emails and phones, etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:50.093009">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Touchstone Home Products<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VG91Y2hzdG9uZSBIb21lIFByb2R1Y3RzQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Touchstone Home Products, Inc. is an industry leader in Electric
Fireplace and TV Lift products for the home since 2005.
We are ready to upload more than 20 GB of internal corporate docu
ments including: employee and customer contact information, busin
ess licenses, insurance documents etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:47.151914">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Astor Chocolate<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QXN0b3IgQ2hvY29sYXRlQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
Founded in 1950, Astor Chocolate is a company that specializes in
the manufacturing of chocolate confections.
We are ready to upload a lot of inside financial documentation, m
any customer and employee emails and phones etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:44.286885">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>McFarlane, Inc.<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TWNGYXJsYW5lLCBJbmMuQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
McFarlane, Inc. will be known as the best HVAC contracting firm i
n its market area of North Dakota and Northern Minnesota.
You will find a lot of NDAs, customer contacts, driver licenses,
employees contact information, SSNs etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:41.175836">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Summit Hosting<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/U3VtbWl0IEhvc3RpbmdAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Summit Hosting provides cloud-based hosting to businesses all aro
und the world.
We are ready to upload a lot of NDAs, contracts with customers, d
river licenses, internal confidential information, personal emplo
yees data etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:38.254739">
<a href="/map/AU"><img src="https://images.ransomware.live/flags/AU.svg" alt="AU flag" title="Australia" class="flag"></a>
<h2>Kay & Burton<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/S2F5ICYgQnVydG9uQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
Kay & Burton has always been a leader in the premium and luxury r
eal estate markets.
We a ready to upload a lot of credit card data, employees persona
l data, driver licenses, personal information about their clients
, contact data of their employees etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:35.227733">
<a href="/map/GB"><img src="https://images.ransomware.live/flags/GB.svg" alt="GB flag" title="United Kingdom" class="flag"></a>
<h2>MSR Group<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TVNSIEdyb3VwQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
MSR Group offers market research and data collection services. Th
ey offer advice, counsel, and a range of data gathering technique
s.
We are ready to upload a lot of NDAs, customers contact informati
on, employees contact data etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:32.241667">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Deutsche Industrie Video System<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RGV1dHNjaGUgSW5kdXN0cmllIFZpZGVvIFN5c3RlbUBha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-25</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Deutsche Industrie Video System develop and distribute turnkey sy
stem solutions for visual consignment tracking in freight forward
ing and parcel handling as well as warehouse logistics throughout
Europe.
You will find a lot of corporate information including: financial
documents, employee and customer contacts etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:28.415823">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>First Chatham Bank<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Rmlyc3QgQ2hhdGhhbSBCYW5rQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-22</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
First Chatham Bank’s deposits are FDIC insured and it prides itse
lf in providing businesses and individuals quality lending and ba
nking services.
We are ready to upload more than 9 GB internal corporate document
s including: driver licenses, employee and customer contacts, ins
ide financial documents etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:25.501840">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Metal Finishing<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TWV0YWwgRmluaXNoaW5nQGFraXJh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-22</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Metal Finishing Company, Inc. was established in Wichita Kansas U
SA in 1940, the largest family-owned aerospace processing facilit
y in North America.
We are ready to upload more than 40 GB internal corporate documen
ts including: NDAs, license agreements, internal financial docume
nts, employee and customer contact emails and phones etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:22.512763">
<a href="/map/FR"><img src="https://images.ransomware.live/flags/FR.svg" alt="FR flag" title="France" class="flag"></a>
<h2>Plastic Recycling<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/UGxhc3RpYyBSZWN5Y2xpbmdAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-21</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
Plastic Recycling, Inc. offers: custom compounding, toll grinding
, pelletizing, material separation, materials refining and manufa
cturing finished products, along with various other technical ser
vices.
We are ready to upload more than 70 GB internal corporate documen
ts including: internal financial documents, employee and customer
contacts, insurance documents, NDAs etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:19.484382">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>North Shore Systems<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Tm9ydGggU2hvcmUgU3lzdGVtc0Bha2lyYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-21</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
North Shore Systems LLC is a computer software company that provi
des end-to-end digitization for all types of commercial/CRE loans
. Based out of San Clemente, CA.
We are ready to upload more than 100 GB internal corporate docume
nts including: driver licenses, operating agreements, internal fi
nancial documents, SSNs, employees contacts etc.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 12:59:16.421019">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>Traffics<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/VHJhZmZpY3NAYWtpcmE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/akira" class="group-link">Akira</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 12:59</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-21</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Transportation-Logistics">Transportation/Logistics</a></div>
</div>
</div>
<div class="bubble">
Traffics is one of the leading companies for travel technology an
d is among the pioneers in the digital travel industry.
We are ready to upload more than 2 GB internal corporate document
s including: corporate correspondence, employee contacts, custome
r contact information, signed contracts with large companies, etc
.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/akira" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["DonPAPI", "LaZagne", "Mimikatz"], "DefenseEvasion": ["PowerTool", "Zemana Anti-Rootkit driver"], "DiscoveryEnum": ["Advanced IP Scanner", "Masscan", "ReconFTW", "SharpHound", "SoftPerfect NetScan"], "Exfiltration": ["FileZilla", "MEGA", "RClone", "Temp[.]sh", "WinSCP"], "LOLBAS": [], "Networking": ["Cloudflared", "OpenSSH", "Ngrok"], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk", "MobaXterm", "Radmin", "RustDesk"], "group_name": "akira"}" data-group="akira" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/akira" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/akira" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/akira#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 11:00:58.897714">
<a href="/map/NA"><img src="https://images.ransomware.live/flags/NA.svg" alt="NA flag" title="Namibia" class="flag"></a>
<h2>Namforce Life Insurance<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TmFtZm9yY2UgTGlmZSBJbnN1cmFuY2VAc3BhY2ViZWFycw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/www.namforce.com.na" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/spacebears" class="group-link">Spacebears</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 11:00</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-21</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
Namforce Life Insurance Limited (Namforce) is a life insurance company. The company was granted its Long-Term License in 2017. The purpose and aim of Namforce is to provide financial services to clients in the life insurance sector.Namforce, born out of a noble mission, has undergone a significant expansion, now offering its services to the broader public. In the early 1990s, soon after Namibia's independence, the government recognized the importance of providing insurance coverage to the brave members of the Namibian armed forces. To address this need, a scheme was initiated to provide life, disability, and funeral insurance to these individuals.Originally administered by various insurance companies, the government later established Namforce as a dedicated life insurance company. Officially licensed by the regulator in 2017, Namforce has continuously evolved to meet the changing needs of its clientele. In line with its commitment to inclusivity and accessibility, Namforce has expanded its services beyond the armed forces, now extending its comprehensive insurance offerings to the public at large. With a steadfast dedication to providing reliable and tailored insurance solutions, Namforce remains a trusted partner for individuals seeking peace of mind and financial security.• Financial document, accounting reports, backup, customer database, personal information of employees and client https://www.namforce.com.na/
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="http://www.namforce.com.na" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/9aa76f46239c00f654d0fe2a6779ad43.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/spacebears#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 10:42:50.942662">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>ppotts.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/cHBvdHRzLmNvbUByYW5zb21odWI=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/ppotts.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/ransomhub" class="group-link">Ransomhub</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 10:42</div>
<div class="date"><b>Estimated Attack Date: </b>2024-11-28</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Not_Found">Not Found</a></div>
</div>
</div>
<div class="bubble">
[AI generated] I'm sorry, but I couldn't find specific information on a company named "ppotts.com." It's possible that the company is either not well-documented or not widely recognized. If you have more details or if there's a different name or context you're referring to, please let me know, and I'll do my best to help!
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.ppotts.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/4157bb436016bde1f591d2417a86f0ea.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["ThreatFire System Monitor driver"], "DiscoveryEnum": ["Angry IP Scanner", "Nmap", "SoftPerfect NetScan"], "Exfiltration": ["PSCP", "RClone", "WinSCP"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Cobalt Strike", "CrackMapExec", "Impacket", "Kerbrute", "Metasploit", "Sliver"], "RMM-Tools": ["AnyDesk", "Atera", "N-Able", "ScreenConnect", "Splashtop"], "group_name": "ransomhub"}" data-group="ransomhub" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/ransomhub" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/ransomhub" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/ransomhub#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 01:29:06.673426">
<a href="/map/CA"><img src="https://images.ransomware.live/flags/CA.svg" alt="CA flag" title="Canada" class="flag"></a>
<h2>Delmar International<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/RGVsbWFyIEludGVybmF0aW9uYWxAcmh5c2lkYQ==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="/static/images/Nologo.png" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/rhysida" class="group-link">Rhysida</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 01:29</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Transportation-Logistics">Transportation/Logistics</a></div>
</div>
</div>
<div class="bubble">
Delmar International Delmar International Inc. was established as a family-run customs broker in Montreal, Canada in 1965. Since then, we have evolved into a global logistics and supply chain management leader.
</div>
<p></p>
<div class="icons">
<span class="subtitle">Group: </span>
<a href="/yara/rhysida" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["PowerView"], "Exfiltration": ["WinSCP"], "LOLBAS": ["NTDS Utility (ntdsutil)", "PsExec", "Windows Event Utility (wevtutil)", "WMIC"], "Networking": [], "Offsec": ["Impacket"], "RMM-Tools": ["AnyDesk"], "group_name": "rhysida"}" data-group="rhysida" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/rhysida#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 01:22:10.205926">
<a href="/map/DE"><img src="https://images.ransomware.live/flags/DE.svg" alt="DE flag" title="Germany" class="flag"></a>
<h2>brownpacking.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/YnJvd25wYWNraW5nLmNvbUBrYWlyb3M=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/brownpacking.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/kairos" class="group-link">Kairos</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 01:22</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Agriculture_and_Food_Production">Agriculture and Food Production</a></div>
</div>
</div>
<div class="bubble">
USA - Brown Packing
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.brownpacking.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/3d21401b39171938eb5c812ba26636f4.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/group/kairos#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-29 01:17:04.957744">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>JTEKT NORTH AMERICA<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SlRFS1QgTk9SVEggQU1FUklDQUBibGFja3N1aXQ=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/jtekt-na.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/blacksuit" class="group-link">Blacksuit</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-29 01:17</div>
<div class="date"><b>Estimated Attack Date: </b>2024-10-11</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
893.63GB of Data
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.jtekt-na.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/1e965e38c2022f7b26dbc24d5bc85066.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/blacksuit" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz", "NirSoft Dialupass", "NirSoft IEPassView (iepv)", "NirSoft MailPassView", "NirSoft Netpass", "NirSoft RouterPassView"], "DefenseEvasion": ["Eraser", "GMER", "PowerTool"], "DiscoveryEnum": ["AdFind", "Advanced IP Scanner", "SharpHound", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": ["RClone"], "LOLBAS": ["PsExec"], "Networking": ["Chisel", "Cloudflared", "OpenSSH"], "Offsec": ["Brute Ratel C4", "Cobalt Strike", "Rubeus"], "RMM-Tools": ["AnyDesk", "Atera", "LogMeIn", "MobaXterm"], "group_name": "blacksuit"}" data-group="blacksuit" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/blacksuit#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 16:57:08.815551">
<a href="/map/GB"><img src="https://images.ransomware.live/flags/GB.svg" alt="GB flag" title="United Kingdom" class="flag"></a>
<h2>NHS Alder Hey<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/TkhTIEFsZGVyIEhleUBpbmNyYW5zb20=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/alderhey.nhs.uk" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/incransom" class="group-link">Incransom</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 16:57</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Healthcare">Healthcare</a></div>
</div>
</div>
<div class="bubble">
Evidence of large-scale data
Patient records, donor reports, procurement data are indicated
Information available for 2018-2024
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.alderhey.nhs.uk" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="alderhey.nhs.uk" data-thirdparty="4" data-employees="3" data-users="3" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/951f491b947d53f6e51d1634720b064f.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/incransom" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": [], "DefenseEvasion": [], "DiscoveryEnum": ["AdFind", "Advanced IP Scanner"], "Exfiltration": ["MEGA", "Restic", "RClone"], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": [], "RMM-Tools": [], "group_name": "incransom"}" data-group="incransom" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/incransom#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 15:36:41.017808">
<a href="/map/CM"><img src="https://images.ransomware.live/flags/CM.svg" alt="CM flag" title="Cameroon" class="flag"></a>
<h2>Chanas Assurances S.A. (chanasassurances.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/Q2hhbmFzIEFzc3VyYW5jZXMgUy5BLiAoY2hhbmFzYXNzdXJhbmNlcy5jb20pQGZvZw==')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/chanasassurances.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/fog" class="group-link">Fog</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 15:36</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
6 GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.chanasassurances.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="chanasassurances.com" data-thirdparty="2" data-employees="0" data-users="3" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/09e015393139f8f691b9fa6c21d28a24.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Veeam-Get-Creds"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Metasploit"], "RMM-Tools": [], "group_name": "fog"}" data-group="fog" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/fog#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 14:07:41.210153">
<a href="/map/FR"><img src="https://images.ransomware.live/flags/FR.svg" alt="FR flag" title="France" class="flag"></a>
<h2>ALLTUB Group (alltub.com)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QUxMVFVCIEdyb3VwIChhbGx0dWIuY29tKUBmb2c=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/alltub.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/fog" class="group-link">Fog</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 14:07</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Manufacturing">Manufacturing</a></div>
</div>
</div>
<div class="bubble">
20 GB
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.alltub.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/30521c6a8ca11e9e4e4218f3f7908983.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Veeam-Get-Creds"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Metasploit"], "RMM-Tools": [], "group_name": "fog"}" data-group="fog" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/fog#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 12:51:42.334540">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>Bedminster School (bedminsterschool.org)<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/QmVkbWluc3RlciBTY2hvb2wgKGJlZG1pbnN0ZXJzY2hvb2wub3JnKUBmb2c=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/bedminsterschool.org" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/fog" class="group-link">Fog</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 12:51</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Education">Education</a></div>
</div>
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.bedminsterschool.org" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/e1727e972c79cfc95aab10f2fe448fc0.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Veeam-Get-Creds"], "DefenseEvasion": [], "DiscoveryEnum": ["Advanced Port Scanner", "SharpShares", "SoftPerfect NetScan"], "Exfiltration": [], "LOLBAS": ["PsExec"], "Networking": [], "Offsec": ["Metasploit"], "RMM-Tools": [], "group_name": "fog"}" data-group="fog" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/group/fog#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 12:41:09.235990">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>IAС<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/SUHQoUBodW50ZXJz')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/iacindustries.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/hunters" class="group-link">Hunters</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 12:41</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Technology">Technology</a></div>
</div>
</div>
<div class="bubble">
Country : United States of America - Exfiltraded data : yes - Encrypted data : yes
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.iacindustries.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/e14c081bd7957667646a77c9504a45ab.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/ttps/hunters" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/group/hunters#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 11:58:08.313102">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>mcleanmortgage.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/bWNsZWFubW9ydGdhZ2UuY29tQGJsYWNrYmFzdGE=')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/mcleanmortgage.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/blackbasta" class="group-link">Blackbasta</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 11:58</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Financial_Services">Financial Services</a></div>
</div>
</div>
<div class="bubble">
McLean Mortgage Corporation is a mortgage brokerage based in Fairfax, Virginia, specializing in various loan products to assist clients in achieving home ownership. Established in 2008, the company has been operational for over 16 years and offers services across multiple locations.SITE: www.mcleanmortgage.com Address : 11325 Random Hills Road Suite 400 Fairfax, VA 22030 United StatesTEL#: (571) 405-2527ALL DATA SIZE: ≈1tb 1. Accounting 2. Financial data, Loans, Payrolls, Tax 3. Human Resources data 4. Confidential data 5. Customers, Clients personal docs 6. Personal documents users and employees & etc…
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.mcleanmortgage.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" data-domain="mcleanmortgage.com" data-thirdparty="0" data-employees="0" data-users="15" title="Infostealer Information Found">
<i class="fas fa-user-secret"></i>
</a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/f87325c8962c85dcac06d73ac10e377c.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/blackbasta" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["Backstab (Process Explorer driver)"], "DiscoveryEnum": ["AdFind", "Bloodhound", "PowerView", "PSNmap", "SoftPerfect NetScan"], "Exfiltration": ["Qaz[.]im", "RClone"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Brute Ratel C4", "Cobalt Strike", "Metasploit", "PowerSploit"], "RMM-Tools": ["AnyDesk", "Atera", "NetSupport", "ScreenConnect", "Splashtop", "Supremo"], "group_name": "blackbasta"}" data-group="blackbasta" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/blackbasta" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/blackbasta" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/blackbasta#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
<div class="victim" data-discovered="2024-11-28 11:54:54.859222">
<a href="/map/US"><img src="https://images.ransomware.live/flags/US.svg" alt="US flag" title="United States" class="flag"></a>
<h2>suit-kote.com<sup><i class="fa-solid fa-link" style="font-size: 0.6em;cursor: pointer;" onclick="copyTextToClipboard('https://www.ransomware.live/id/c3VpdC1rb3RlLmNvbUBibGFja2Jhc3Rh')"></i></sup> <span class="new-icon" style="display: none;">
<i class="fa-solid fa-caret-up"></i>
</span></h2>
<div class="details-container">
<img src="https://logo.clearbit.com/suit-kote.com" alt="Company logo" onerror="this.onerror=null;this.src='/static/images/Nologo.png';">
<div class="details-content">
<div class="group_title">Ransomware Group: <div class="group"><a href="/group/blackbasta" class="group-link">Blackbasta</a></div></div>
<p></p>
<div class="date">Discovery Date: 2024-11-28 11:54</div>
<div class="date"><b>Estimated Attack Date: </b>2024-10-16</div>
<p></p>
<div class="sector">Sector: <a href="/activity/Construction">Construction</a></div>
</div>
</div>
<div class="bubble">
Suit-Kote Corporation is a privately-owned company that manufactures asphalt products, provides road construction and maintenance services, and engineers asphalt applications.SITE: www.suit-kote.com Address : 1911 Lorings Crossing Road, Cortland, NY 13045 United StatesTEL#: (607) 753-1100ALL DATA SIZE: ≈1.5tb 1. Personal documents, employees data 2. Financial data, Accounting 3. Users folders 4. Tax data, forms 5. confidential agrements, NDAs data & etc…
</div>
<p></p>
<div class="icons">
<span class="subtitle">Victim: </span>
<a href="https://www.suit-kote.com" title="Visit Victim's Website" target="_blank"><i class="fas fa-globe"></i></a>
<a href="#" class="show-popup" data-img-url="https://images.ransomware.live/screenshots/posts/d97c3f7c32eaa9c37374c4ee67fff7b5.png" title="Screenshot Available">
<i class="fas fa-camera"></i>
</a>
|
<span class="subtitle">Group: </span>
<a href="/yara/blackbasta" title="YARA Rules Available">
<i class="fas fa-scroll"></i>
</a>
<a href="#" class="show-ttps-popup" data-ttps="{"CredentialTheft": ["Mimikatz"], "DefenseEvasion": ["Backstab (Process Explorer driver)"], "DiscoveryEnum": ["AdFind", "Bloodhound", "PowerView", "PSNmap", "SoftPerfect NetScan"], "Exfiltration": ["Qaz[.]im", "RClone"], "LOLBAS": ["BITSAdmin", "PsExec"], "Networking": [], "Offsec": ["Brute Ratel C4", "Cobalt Strike", "Metasploit", "PowerSploit"], "RMM-Tools": ["AnyDesk", "Atera", "NetSupport", "ScreenConnect", "Splashtop", "Supremo"], "group_name": "blackbasta"}" data-group="blackbasta" title="Tools used by ransomware group">
<i class="fas fa-tools"></i>
</a>
<a href="/ttps/blackbasta" title="TTPs information">
<i class="fa-solid fa-microchip"></i>
</a>
<a href="/vuln/blackbasta" title="Vulnerabilities information">
<i class="fa-solid fa-bug"></i>
</a>
<a href="/group/blackbasta#stats" title="Activity">
<i class="fa-solid fa-chart-area"></i>
</a>
</div>
</div>
</div>
</div>
<script>
function copyTextToClipboard(text) {
// Create a temporary textarea element to hold the text
var tempInput = document.createElement('textarea');
tempInput.value = text;
document.body.appendChild(tempInput);
// Select the text in the textarea
tempInput.select();
tempInput.setSelectionRange(0, 99999); // For mobile devices
// Copy the text to the clipboard
document.execCommand('copy');
// Remove the temporary textarea
document.body.removeChild(tempInput);
// Optional: alert the user that the text was copied
alert('Link to victim copied');
}
</script>
<script>
window.addEventListener('load', function() {
const currentTimestamp = new Date().toISOString();
// Set or update the cookie with the current timestamp
function setVisitTimestamp() {
document.cookie = `timestamp=${currentTimestamp}; path=/; max-age=${7 * 24 * 60 * 60}`;
}
// Function to check and update the "New" icon
function checkForNewEntries() {
const lastVisit = getCookie('timestamp');
if (!lastVisit) {
// If no timestamp cookie is found, set the cookie with the current timestamp
setVisitTimestamp();
return; // Do not show the "New" icon as this is the user's first visit
}
const lastVisitDate = new Date(lastVisit);
// Check each victim's discovered date
document.querySelectorAll('.victim').forEach(function(victim) {
const discoveredDate = new Date(victim.getAttribute('data-discovered'));
if (discoveredDate > lastVisitDate) {
victim.querySelector('.new-icon').style.display = 'inline';
} else {
victim.querySelector('.new-icon').style.display = 'none';
}
});
}
// Run the check and then update the cookie
checkForNewEntries();
setVisitTimestamp();
});
// Function to get a cookie value by name
function getCookie(name) {
const value = `; ${document.cookie}`;
const parts = value.split(`; ${name}=`);
if (parts.length === 2) return parts.pop().split(';').shift();
return null; // Return null if cookie not found
}
</script>
<!-- Screenshot Popup Structure -->
<div class="popup" id="imagePopup">
<div class="popup-content">
<span class="close" id="closeImagePopup">×</span>
<img id="popupImage" src="" alt="Screenshot">
<p style="text-align: center;"><a id="downloadLink" href="" donwload="" target="_blank"><i class="fa-solid fa-floppy-disk"></i></a></p>
</div>
</div>
<!-- TTPs Popup Structure -->
<div class="popup" id="ttpsPopup">
<div class="popup-content">
<span class="close" id="closeTtpsPopup">×</span>
<h2>Tools used by <span class="group" id="Group"></span></h2>
<table>
<thead>
<tr>
<th>Discovery</th>
<th>RMM Tools</th>
<th>Defense Evasion</th>
<th>Credential Theft</th>
<th>OffSec</th>
<th>Networking</th>
<th>LOLBAS</th>
<th>Exfiltration</th>
</tr>
</thead>
<tbody id="ttpsTableBody">
<!-- Dynamic rows will be inserted here -->
</tbody>
</table>
<p></p>
<p class="note">This information is provided by <a href="https://github.com/BushidoUK/Ransomware-Tool-Matrix" target="_blank"> Ransomware-Tool-Matrix</a></p>
</div>
</div>
<!-- YARA Confirmation Popup Structure -->
<div class="popup" id="ExternalPopup">
<div class="popup-content">
<span class="help-icon-popup" title="This action will take you away from the site."></span>
<p><br></p>
<p>You're leaving the <span class="group" style="font-size: 12px;">Ransomare.live</span> site. Do you want to continue?</p>
<p class="note">External url: <span id="ExternalUrl"></span> </p>
<div class="popup-actions">
<button id="confirmExternalYes">YES</button>
<button id="confirmExternalNo">NO</button>
</div>
</div>
</div>
<!-- Infostealer Popup Structure -->
<div class="popup" id="infostealerPopup">
<div class="popup-content">
<span class="close" id="closeInfostealerPopup">×</span>
<h3>Infostealer information available for</h3><h3>
</h3><h2><span id="domain"></span></h2>
<table>
<thead align="center">
<tr>
<th style="text-align: center;"><i class="fa-solid fa-user-tie"></i> Employees(s)</th>
<th style="text-align: center;"><i class="fa-solid fa-user-group"></i> Customer(s)</th>
<th style="text-align: center;"><i class="fa-solid fa-sitemap"></i> Third Party Employee(s)</th>
</tr>
</thead><tbody align="center">
<tr>
<th style="text-align: center; font-weight: bold;"><span id="infostealerEmployees"></span></th>
<th style="text-align: center; font-weight: bold;"><span id="infostealerUsers"></span></th>
<th style="text-align: center; font-weight: bold;"><span id="infostealerThirdparty"></span></th>
</tr></tbody>
</table>
<p></p>
<p class="note">This information is provided by <a id="hudsonRockLink" target="_blank">HudsonRock</a></p>
</div>
</div>
<script>
// Close the TTPs popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var popup = document.getElementById('ttpsPopup');
if (event.target === popup) {
popup.style.display = 'none';
}
});
// Function to show the infostealer popup
document.querySelectorAll('[data-employees][data-users]').forEach(function(element) {
element.addEventListener('click', function(event) {
event.preventDefault();
var users = this.getAttribute('data-users');
var employees = this.getAttribute('data-employees');
var domain = this.getAttribute('data-domain');
var thirdparty = this.getAttribute('data-thirdparty');
// Update popup content
document.getElementById('infostealerUsers').textContent = users || 'N/A';
document.getElementById('infostealerEmployees').textContent = employees || 'N/A';
document.getElementById('infostealerThirdparty').textContent = thirdparty || 'N/A';
document.getElementById('domain').textContent = domain;
document.getElementById("hudsonRockLink").href = "https://www.hudsonrock.com/search?domain=" + domain;
// Show the infostealer popup
document.getElementById('infostealerPopup').style.display = 'flex';
});
});
// Function to close the infostealer popup
document.getElementById('closeInfostealerPopup').addEventListener('click', function() {
document.getElementById('infostealerPopup').style.display = 'none';
});
// Close the infostealer popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var popup = document.getElementById('infostealerPopup');
if (event.target === popup) {
popup.style.display = 'none';
}
});
</script>
<!-- Legend Popup Structure -->
<div class="popup" id="legendPopup">
<div class="popup-content">
<span class="close" id="closeLegendPopup">×</span>
<h2>Icon Legend</h2>
<ul>
<li><i class="fas fa-globe"></i> Victim's website</li>
<li><i class="fas fa-camera"></i> Screenshot of the ransomware gang Dedicated Leak Sites</li>
<li><i class="fas fa-user-secret"></i> Infostealer Information available in HudsonRock database</li>
<li><br><i class="fa-solid fa-caret-up"></i> New victim since your last visit base on cookie<sup>*</sup></li>
</ul>
<hr>
<ul>
<li><i class="fas fa-scroll"></i> Yara Rules are available </li>
<li><i class="fa-solid fa-microchip"></i>TTPs are available</li>
<li><i class="fa-solid fa-bug"></i> Known Vulnerabilities used are available</li>
<li><i class="fas fa-tools"></i> Tools used are available</li>
</ul>
<hr>
<br>
<i class="fa-solid fa-cookie"></i> * The cookie is used solely to identify and display new victims since your last visit to this site.
<br>
</div>
</div>
<!-- Footer Section -->
<div class="footer">
<p>© 2024 Ransomware.live. All rights reserved. | <i class="fa-regular fa-envelope"></i> <a href="https://ransomwarelive.freshdesk.com/support/tickets/new" target="_blank">Contact us</a> |
<i class="fa-brands fa-bluesky"></i> <a href="https://bsky.app/profile/ransomwarelive.bsky.social" target="_blank" title="Follow us on BlueSky">BlueSky</a>
|
<i class="fab fa-github"></i> <a href="https://github.com/jmousqueton/ransomware.live" target="_blank" title="Follow us on GitHub">GitHub</a> | <i class="fa-brands fa-linkedin"></i> <a href="https://www.linkedin.com/company/ransomwarelive" target="_blank" title="Follow us on LinkedIn">LinkedIn</a>
</p>
<p><i style="color: red" class="fa-solid fa-heart"></i> <a href="https://buymeacoffee.com/ransomwarelive" target="_blank">Support Ransomare.live</a></p>
<p class="note">Last Dataset update : 2024-12-03 12:21:24 UTC </p>
</div>
<!-- Floating Back to Top Arrow -->
<a href="#" class="back-to-top" title="Back to top"><i class="fas fa-arrow-up"></i></a>
<script>
// Function to show the image popup
document.querySelectorAll('.show-popup').forEach(function(element) {
element.addEventListener('click', function(event) {
event.preventDefault();
var imageUrl = this.getAttribute('data-img-url');
var popupImage = document.getElementById('popupImage');
popupImage.src = imageUrl;
var downloadLink = document.getElementById('downloadLink');
downloadLink.href = imageUrl;
document.getElementById('imagePopup').style.display = 'flex';
});
});
// Function to close the image popup
document.getElementById('closeImagePopup').addEventListener('click', function() {
document.getElementById('imagePopup').style.display = 'none';
});
// Close the image popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var popup = document.getElementById('imagePopup');
if (event.target === popup) {
popup.style.display = 'none';
}
});
// Function to show the TTPs popup
document.querySelectorAll('.show-ttps-popup').forEach(function(element) {
element.addEventListener('click', function(event) {
event.preventDefault();
var ttpsData = this.getAttribute('data-ttps');
var GrpData = this.getAttribute('data-group');
try {
ttpsData = JSON.parse(ttpsData); // Ensure JSON is parsed
} catch (e) {
console.error("Failed to parse TTPs data:", e);
return;
}
document.getElementById('Group').textContent = GrpData;
var ttpsTableBody = document.getElementById('ttpsTableBody');
ttpsTableBody.innerHTML = ''; // Clear existing table rows
var maxRows = 0;
var categories = ["DiscoveryEnum", "RMM-Tools", "DefenseEvasion", "CredentialTheft", "Offsec", "Networking", "LOLBAS", "Exfiltration"];
categories.forEach(function(category) {
if (ttpsData[category] && ttpsData[category].length > 0) {
maxRows = Math.max(maxRows, ttpsData[category].length);
}
});
for (var i = 0; i < maxRows; i++) {
var row = document.createElement('tr');
categories.forEach(function(category) {
var cellValue = ttpsData[category] && ttpsData[category][i] ? ttpsData[category][i] : '';
row.innerHTML += `<td>${cellValue}</td>`;
});
ttpsTableBody.appendChild(row);
}
document.getElementById('ttpsPopup').style.display = 'flex'; // Show the popup
});
});
// Function to close the TTPs popup
document.getElementById('closeTtpsPopup').addEventListener('click', function() {
document.getElementById('ttpsPopup').style.display = 'none';
});
// Close the TTPs popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var popup = document.getElementById('ttpsPopup');
if (event.target === popup) {
popup.style.display = 'none';
}
});
// Function to show the legend popup
document.querySelector('.help-icon').addEventListener('click', function(event) {
event.preventDefault();
document.getElementById('legendPopup').style.display = 'flex';
});
// Function to close the legend popup
document.getElementById('closeLegendPopup').addEventListener('click', function() {
document.getElementById('legendPopup').style.display = 'none';
});
// Function to close the popup
function closePopup(popupId) {
document.getElementById(popupId).style.display = 'none';
}
// Event listener for closing popups with ESC key
window.addEventListener('keydown', function(event) {
if (event.key === 'Escape') {
// Close all popups
document.querySelectorAll('.popup').forEach(function(popup) {
popup.style.display = 'none';
});
}
});
// Close the legend popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var legendPopup = document.getElementById('legendPopup');
if (event.target === legendPopup) {
closePopup('legendPopup');
}
});
document.querySelectorAll('.show-external-popup').forEach(function(element) {
element.addEventListener('click', function(event) {
event.preventDefault();
var ExternalUrl = this.getAttribute('data-external-url');
var ExternalPopup = document.getElementById('ExternalPopup');
// Show the popup
ExternalPopup.style.display = 'flex';
document.getElementById('ExternalUrl').textContent = ExternalUrl;
// Handle the YES button click
document.getElementById('confirmExternalYes').onclick = function() {
window.location.href = ExternalUrl; //
};
// Handle the NO button click or close icon
document.getElementById('confirmExternalNo').onclick = function() {
ExternalPopup.style.display = 'none'; // Close the popup
};
document.getElementById('closeExternalPopup').onclick = function() {
ExternalPopup.style.display = 'none'; // Close the popup
};
});
});
// Close the YARA popup when clicking outside the popup content
window.addEventListener('click', function(event) {
var ExternalPopup = document.getElementById('ExternalPopup');
if (event.target === ExternalPopup) {
ExternalPopup.style.display = 'none';
}
});
</script>
<!-- Matomo -->
<script>
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="https://stats.mousqueton.io/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '18']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
</body></html>