Total Victims: 0
First Seen: 2022-05-01
Last Seen: N/A
Known TTPs: 0
Avg Delay: 19.1d
Negotiations: 0
ONION URLS
omegalock5zxwbhswbisc42o2q2i54vdulyvtqqbudqousisjgc7j7yd.onion
omegalo4jci44dj2ww6ioppevssjqj7kovfd3nn7oyq4byxbbqmf5cid.onion
TOOLS
Chisel, AnyDesk, QBot, Certify
FILE EXTENSIONS
.dead
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules


No ransom notes