CoreSec Active

Ransomware group first observed in 2017. Uses SharpDPAPI for deployment.
PDF Report Back to Groups
0
Total Victims
2017-05-01
First Seen
2026-03-27
Last Seen
6
Known TTPs
43.3d
Avg Delay
0
Negotiations
ONION URLS
64etvdp4horup7jpedyywkntkrelvydiodfhbiz4obgblyb5epoztak2.onion
TOOLS
SharpDPAPI BloodHound GMER Sliver C2 7-Zip
FILE EXTENSIONS
.dead
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1560.001 Archive via Utility Collection
T1105 Ingress Tool Transfer Command and Control
T1036.005 Match Legitimate Name or Location Defense Evasion
T1562.004 Disable or Modify System Firewall Defense Evasion
T1053.005 Scheduled Task Execution
T1059.005 Visual Basic Execution

No YARA rules

No IoCs

No ransom notes