Codefinger Active

AWS S3 bucket encryption specialist
PDF Report Back to Groups
1
Total Victims
2025-01-01
First Seen
2026-03-05
Last Seen
0
Known TTPs
24.2d
Avg Delay
0
Negotiations
ONION URLS
fdnxxdyu6rtfnyubp4xs3yjkb5yl2f27uzj4sr7nei6yohoknjbk7t5y.onion
ogfcx7rt6p3ya53gbtrbfz2ecjokmvp4rlree2sk5bhs5gj3tay2kyc7.onion
TOOLS
AWS SSE-C abuse
FILE EXTENSIONS
.codefinger
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-05 Elite Inc United States Media Published

No TTPs data

No YARA rules

TypeValueDescriptionCopy
md5 34852b499f96825eeb8627ec2492b72f Associated with Codefinger ransomware
ip 98.134.92.36 Infrastructure linked to Codefinger
btc bc1q22vzii70wqn1c6gfez1e2roiqpqjh3n3ry0lyp Bitcoin ransom address observed in Codefinger attacks
ip 179.185.196.57 Infrastructure linked to Codefinger
sha1 29f57f573084b12319b6b3bebef397c3dcaba855 Dropper hash - Codefinger campaign
btc bc1q0vng9r7ss54e6e5o7tboyauv758yktbfy9dt71 Bitcoin ransom address observed in Codefinger attacks
ip 185.94.56.140 Infrastructure linked to Codefinger
tox C9F4DF27BD383512ECEEFDA29634EFED5BB0B2CB6C9FF6A2BB5D3893FFA8D08F30FEDCCD511D Associated with Codefinger ransomware
sha256 d9f89c0b51670628c87e7c4ec9c6249e0816b3a198721a71bebcb7168354d08d Ransomware binary hash observed in Codefinger attacks
email recover595@tutanota.com Contact email - Codefinger campaign
tox 55784FD271EFDEB7EF2EE6F7187ABD7C31EABDDEB637DC8CB09DC3F3E7365C1E4360D6E5231A Tox messenger ID - Codefinger campaign
sha1 c08a7aa226a51e2a5a00acbf9752f3791272a47d Dropper hash - Codefinger campaign
sha1 3a74c13b89bd76cfd2f472e9c0a8e39a83616a25 Dropper hash observed in Codefinger attacks
sha256 9c850b4a689fcd2d800f8dbb1c506f51c15485d8549860a48fff7202c9472e72 Ransomware binary hash observed in Codefinger attacks
ip 166.174.40.220 Associated with Codefinger ransomware

No ransom notes