Armor Active

Ransomware group first observed in 2018. Uses WinSCP for deployment.
PDF Report Back to Groups
1
Total Victims
2018-04-01
First Seen
2026-03-07
Last Seen
7
Known TTPs
37.3d
Avg Delay
0
Negotiations
ONION URLS
pcdjpka2cy4a3rrpjvfjjgpfshiucauxvxdlw376vysg7xde6lc6izml.onion
TOOLS
WinSCP Certify
FILE EXTENSIONS
.crypt
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-07 Meridian Labs United States Telecommunications Published
Technique ID Technique Name Tactic
T1110.003 Password Spraying Credential Access
T1069 Permission Groups Discovery Discovery
T1053.005 Scheduled Task Execution
T1204.002 Malicious File Execution
T1486 Data Encrypted for Impact Impact
T1489 Service Stop Impact
T1021.002 SMB/Windows Admin Shares Lateral Movement

No YARA rules

No IoCs

No ransom notes