Total Victims: 0
First Seen: 2019-09-01
Last Seen: 2020-09-21
Known TTPs: 0
Avg Delay: 35.9d
Negotiations: 0
ONION URLS
aladntjgwqxnqchdkzkxuray33bcb5ndm2ruij3c75xnlw7z5e3kbbih.onion
TOOLS
PowerShell Empire, LaZagne, SharpDPAPI, nltest, Atera
FILE EXTENSIONS
.666
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

Type Value Description
ip 78.203.5.215 C2 server IP observed in Basilisk attacks
email help540@tutanota.com Infrastructure linked to Basilisk
btc bc1q9ut8wfmz6bz5r4o580x8b0sbqp2zi906aob8fx Associated with Basilisk ransomware
sha256 4a22ee9f73fa114a9ccdb336e76ad9620a6a1313fd80554c3dd6157a5e8aa716 Associated with Basilisk ransomware
btc bc1qz3oolc732xb1l2nk6lhz8pszpyxtt5kvrhyky2 Infrastructure linked to Basilisk

No ransom notes