Altair Defunct
Ransomware group first observed in 2025. Uses nltest for deployment.
Total Victims: 0
First Seen: 2025-08-01
Last Seen: 2025-06-03
Known TTPs: 14
Avg Delay: 6.4d
Negotiations: 0
ONION URLS
s2gkvn2556dfwmgwyr4s3gpo7hco5cla6nuv7bbze7yegqn3l3w7trup.onion
TOOLS
nltest
Mimikatz
FILE EXTENSIONS
.666
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1003.001 | LSASS Memory | Credential Access |
| T1003.003 | NTDS | Credential Access |
| T1558.003 | Kerberoasting | Credential Access |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1049 | System Network Connections Discovery | Discovery |
| T1082 | System Information Discovery | Discovery |
| T1486 | Data Encrypted for Impact | Impact |
| T1489 | Service Stop | Impact |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
No YARA rules
No IoCs
No ransom notes