Atlas Active

Ransomware group first observed in 2025. Uses IcedID for deployment.
PDF Report Back to Groups
0
Total Victims
2025-01-01
First Seen
2026-01-15
Last Seen
5
Known TTPs
16.2d
Avg Delay
0
Negotiations
ONION URLS
malas2urovbyyavjzaezkt5ohljvyd5lt7vv7mnsgbf2y4bwlh72doqd.onion
TOOLS
IcedID net.exe
FILE EXTENSIONS
.help
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1090 Proxy Command and Control
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration
T1189 Drive-by Compromise Initial Access
T1566.001 Spearphishing Attachment Initial Access
T1021.001 Remote Desktop Protocol Lateral Movement

No YARA rules

No IoCs

No ransom notes