AjaxLeak Defunct

Ransomware group first observed in 2017. Uses Ligolo for deployment.
PDF Report Back to Groups
0
Total Victims
2017-05-01
First Seen
2019-07-06
Last Seen
9
Known TTPs
19.7d
Avg Delay
0
Negotiations
ONION URLS
aj2sbgji2fcgdpn74cjyvwzhqz7chdk7kfhwbe33gaubu5mfeinqmkae.onion
TOOLS
Ligolo PowerTool Chisel SharpHound Process Hacker
FILE EXTENSIONS
.help
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1039 Data from Network Shared Drive Collection
T1560.001 Archive via Utility Collection
T1572 Protocol Tunneling Command and Control
T1555.003 Credentials from Web Browsers Credential Access
T1140 Deobfuscate/Decode Files Defense Evasion
T1059.001 PowerShell Execution
T1078 Valid Accounts Initial Access
T1080 Taint Shared Content Lateral Movement
T1547.001 Registry Run Keys Persistence

No YARA rules

No IoCs

No ransom notes