Blaze Active

Ransomware group first observed in 2016. Uses Mythic for deployment.
PDF Report Back to Groups
0
Total Victims
2016-03-01
First Seen
2026-01-10
Last Seen
0
Known TTPs
25.8d
Avg Delay
0
Negotiations
ONION URLS
vbuuc2e35y63f6w5l2xfluqo7o6aeqlvmry3phpi2r375jxmshglqvod.onion
TOOLS
Mythic SystemBC Certify
FILE EXTENSIONS
.gone
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
btc bc1qyzgcgo2ns6dzhvzfi1b4yxbkh99zsngiaglzyn Associated with Blaze ransomware
sha256 caeb57651de9980bfffd7eee1a26aecb98c1b8654753a3445d8e6bf8ff85c1d8 Ransomware binary hash - Blaze campaign
sha1 2ec6a596f1cf48c5f215696fbd15317b11ae8bd4 Dropper hash - Blaze campaign
email payment610@airmail.cc Infrastructure linked to Blaze
sha256 68217352d9f5609679151afac27d52ade295f8f5be6cd42147b971ab0e91d8aa Infrastructure linked to Blaze
tox B4FFBAACEF0D7D70739C79F8E9CF7C7AABF6DD8F0DD9AA529FF121B7FFC46CABBEC46ADEDEB8 Tox messenger ID - Blaze campaign
sha256 8e513abd773251ce2f00d5ffaff797c51af0156023bc33bbd881aa03dbb5112a Infrastructure linked to Blaze
sha256 61a992eda7fe51b84a827f0ad4ac111d13843454fbb46366df5c9494bea303a2 Ransomware binary hash - Blaze campaign
ip 91.184.217.210 C2 server IP - Blaze campaign
sha1 ab2d3f3f01c044c3cfbce1519df2b40e2a5ef960 Associated with Blaze ransomware
email decrypt515@tuta.io Infrastructure linked to Blaze

No ransom notes