CipherStrike Active
Ransomware group first observed in 2023. Uses TeamViewer for deployment.

Total Victims: 0
First Seen: 2023-05-01
Last Seen: 2026-01-06
Known TTPs: 11
Avg Delay: 5.5d
Negotiations: 0
ONION URLS
m2j7w5irsedmiaozm6h3uadcpmd2nivj2x2rjxjfgshbyjmlmqzui23e.onion
TOOLS
TeamViewer
net.exe
MegaSync
FILE EXTENSIONS
.oops
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1105 | Ingress Tool Transfer | Command and Control |
| T1572 | Protocol Tunneling | Command and Control |
| T1552.001 | Credentials In Files | Credential Access |
| T1558.003 | Kerberoasting | Credential Access |
| T1049 | System Network Connections Discovery | Discovery |
| T1083 | File and Directory Discovery | Discovery |
| T1059.003 | Windows Command Shell | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1547.001 | Registry Run Keys | Persistence |
| T1547.009 | Shortcut Modification | Persistence |
No YARA rules
No IoCs
No ransom notes