Bl00dy Active

Uses leaked LockBit 3.0 and Babuk builders. Targets education sector.
PDF Report Back to Groups
1
Total Victims
2022-07-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
20.0d
Avg Delay
0
Negotiations
ONION URLS
wpedswxeohw5i3rsmb2y3xdzwmqxbr6xyz6h5incsoeee54jrmdhzfbd.onion
kwggej775xa72bjgdkauakt7vv6rz2c4nhioop5dm2l5aehuhzgscabe.onion
TOOLS
LockBit builder Conti
FILE EXTENSIONS
.bl00dy
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-06 Allied Technologies United States Hospitality Published

No TTPs data

No YARA rules

TypeValueDescriptionCopy
md5 55fedacc15699bdeeb1578346bfae788 Malware sample hash observed in Bl00dy attacks
md5 026bdc061ef8b2f38a7a9df2f6461b96 Associated with Bl00dy ransomware
sha1 e1177b7cc9b0fb06ba460c696e436b3a4980d635 Associated with Bl00dy ransomware
ip 87.154.209.194 Infrastructure linked to Bl00dy
tox FBB7BB12CE3D1E0776C3928F790EDF29EC0C4B8DF9BC48EDDBE2A253F31FBA6E71DF2E33F2E3 Infrastructure linked to Bl00dy
ip 192.252.52.181 Infrastructure linked to Bl00dy
btc bc1qrkjlg79b5z3nqmtgkgfq6bx3erjy702046n2ou Associated with Bl00dy ransomware

No ransom notes