Banshee Active

Ransomware group first observed in 2016. Uses Mythic for deployment.
PDF Report Back to Groups
1
Total Victims
2016-12-01
First Seen
2026-03-06
Last Seen
20
Known TTPs
37.4d
Avg Delay
0
Negotiations
ONION URLS
heu247g6vx73h3aqvub5sthyrkmqhtdfrm46tjpzeximavquxnn2pzuh.onion
TOOLS
Mythic Meterpreter
FILE EXTENSIONS
.encrypted
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-06 Western Corp Switzerland Government Published
Technique ID Technique Name Tactic
T1074.001 Local Data Staging Collection
T1071.001 Web Protocols Command and Control
T1219 Remote Access Software Command and Control
T1572 Protocol Tunneling Command and Control
T1003.001 LSASS Memory Credential Access
T1110.003 Password Spraying Credential Access
T1558.003 Kerberoasting Credential Access
T1036.005 Match Legitimate Name or Location Defense Evasion
T1140 Deobfuscate/Decode Files Defense Evasion
T1018 Remote System Discovery Discovery
T1082 System Information Discovery Discovery
T1083 File and Directory Discovery Discovery
T1135 Network Share Discovery Discovery
T1059.005 Visual Basic Execution
T1485 Data Destruction Impact
T1021.004 SSH Lateral Movement
T1570 Lateral Tool Transfer Lateral Movement
T1136.001 Local Account Persistence
T1547.001 Registry Run Keys Persistence
T1548.002 Bypass UAC Privilege Escalation

No YARA rules

No IoCs

No ransom notes