BladeBreach Active

Ransomware group first observed in 2018. Uses TeamViewer for deployment.
PDF Report Back to Groups
0
Total Victims
2018-07-01
First Seen
2026-02-15
Last Seen
9
Known TTPs
32.8d
Avg Delay
0
Negotiations
ONION URLS
7o2g4dlyq6jjptjq3rbruv3u4fgf4hdnfmalytwsomi2wtjvyzzrx32a.onion
TOOLS
TeamViewer Chisel
FILE EXTENSIONS
.pwned
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1090 Proxy Command and Control
T1219 Remote Access Software Command and Control
T1027 Obfuscated Files or Information Defense Evasion
T1082 System Information Discovery Discovery
T1041 Exfiltration Over C2 Channel Exfiltration
T1486 Data Encrypted for Impact Impact
T1561.001 Disk Wipe Impact
T1566.001 Spearphishing Attachment Initial Access
T1547.009 Shortcut Modification Persistence

No YARA rules

TypeValueDescriptionCopy
email support743@protonmail.com Infrastructure linked to BladeBreach
ip 97.182.120.132 Associated with BladeBreach ransomware
sha256 f431aff4783cd3f21df11f07278eecd6664f9f0480f8fbf6a79d8c4340e34c3e Infrastructure linked to BladeBreach
email support671@airmail.cc Associated with BladeBreach ransomware

No ransom notes