Total Victims: 0
First Seen: 2020-09-01
Last Seen: 2024-11-05
Known TTPs: 0
Avg Delay: 10.2d
Negotiations: 0
ONION URLS
6ynyrokp57sugc5lwz74yh7xwe5qorv5o63dgahckhmvlip24ori6iqc.onion
TOOLS
PsExec, Cobalt Strike, FileZilla
FILE EXTENSIONS
.gone
Date | Victim Name | Country | Sector | Status
No victims recorded

No TTPs data

No YARA rules

| Type | Value | Description |
|---|---|---|
| email | contact814@protonmail.com | Contact email - Betelgeuse campaign |
| sha256 | 9b4c09d1aeb61be2cc70a9656838ea546d4bc82796a0b53be6384c932db335ba | Infrastructure linked to Betelgeuse |
| sha1 | d1cc3a6901b241668c49c4d8a6b970eea13f0af0 | Associated with Betelgeuse ransomware |
| btc | bc1qfoynsy08jnxdlxaxm97dbvc7lbj0mffvdb4ain | Bitcoin ransom address - Betelgeuse campaign |
| md5 | 0c8497ecf37dfbc8e8fc88116a2c6653 | Malware sample hash observed in Betelgeuse attacks |
| ip | 157.9.100.141 | Associated with Betelgeuse ransomware |

No ransom notes