Total Victims: 1
First Seen: 2014-01-01
Last Seen: 2026-03-06
Known TTPs: 0
Avg Delay: 29.2d
Negotiations: 0
ONION URLS
5zqo4cahxuo2e5j6ppuut5jpqg3crgz4o2dd6b7pa73iq5okzfhdabsd.onion
TOOLS
Cloudflare Tunnel, Rclone, BloodHound, Rubeus
FILE EXTENSIONS
.pwned
[Charts: Activity Timeline, Top Sectors, Top Countries, Activity Heatmap]
Date Victim Name Country Sector Status
2026-03-06 Western Technologies Colombia Non-Profit Removed

No TTPs data

No YARA rules

Type Value Description
sha1 248ab5490baf563cac2176e7a2651d18f9f20ce1 Associated with TA505/Cl0p Affiliate ransomware
sha1 754f435b84ae1f5ab630b4f36432b33e1cd162f5 Dropper hash observed in TA505/Cl0p Affiliate attacks
tox 4D784DFF53FCF7FDEA27CBDF510D9A1FB3E3E13C1313CEBDC084D72FB9609BCB8C4B1B75D9AE Tox messenger ID observed in TA505/Cl0p Affiliate attacks
sha256 cf8a4c3d1f949d5a1c96469b9e5f6a3a4b351b5a341d4dde88d92ea36786aebc Ransomware binary hash - TA505/Cl0p Affiliate campaign
md5 df49a3edc6c70ffb8632a0ea0814b342 Malware sample hash observed in TA505/Cl0p Affiliate attacks
email decrypt458@firemail.cc Infrastructure linked to TA505/Cl0p Affiliate
md5 381dcc52f74e0ae9f874599c7e24f394 Associated with TA505/Cl0p Affiliate ransomware

No ransom notes