Total Victims: 1
First Seen: 2017-12-01
Last Seen: 2026-03-05
Known TTPs: 0
Avg Delay: 41.4d
Negotiations: 0
ONION URLS
l5wndth4ezab6skbgb246q3jyhz43unhhbyomfpiwhmblbp4tldc7i5q.onion
TOOLS
ConnectWise, LaZagne, TrickBot, MegaSync
FILE EXTENSIONS
.pwned
Date Victim Name Country Sector Status
2026-03-05 Bay Holdings Germany Hospitality Published

No TTPs data

No YARA rules

Type Value Description
email help616@cock.li Contact email observed in Antigone attacks
sha256 40bed164be83d2a0f336e9633458a74dae8301cbed562d6566452e77d48d8974 Infrastructure linked to Antigone
tox DAC1BA104A3697AADC9B28BFA8EB4B19B52D48B226C4D26A2CB713C343AA9CA6C4EAFC65B9AF Tox messenger ID - Antigone campaign
sha1 04be4217f5b704e43c8592d1621f36b404ad32b3 Dropper hash - Antigone campaign
ip 83.138.145.76 C2 server IP observed in Antigone attacks
sha256 1269ae6adc88ed8a4e05dd35a72289ee62547c78a9408eaceb84253cf76c5acc Ransomware binary hash - Antigone campaign
md5 fddef7eea6e534fa2bc32aa58cb9a3f6 Malware sample hash - Antigone campaign
tox 788ED6D2B7473DCF4BDCBEADA19925AAE8C1CC4EAC2ACFE132EA2C6ACF0E699EE2E0C14EEA57 Associated with Antigone ransomware
tox D9EBDB466F90A96D915BB9DAD6CD13AF6C4EAA65260EDCDCD28D2E0A6C0C5EC3DFFB69E0C4A1 Tox messenger ID - Antigone campaign
sha256 36bb77852f88bc96de45d0a6c98eadc58fd4214d26b955f4b316b7189e1bb015 Ransomware binary hash observed in Antigone attacks
ip 212.13.62.234 Associated with Antigone ransomware
ip 180.182.253.70 C2 server IP - Antigone campaign
btc bc1qtlkb8w5c1alt2p504qgv4yffoak558tbfmhzew Infrastructure linked to Antigone

No ransom notes