Curse Active

Ransomware group first observed in 2016. Uses TrickBot for deployment.
PDF Report Back to Groups
1
Total Victims
2016-01-01
First Seen
2026-03-05
Last Seen
9
Known TTPs
34.3d
Avg Delay
0
Negotiations
ONION URLS
ivymzfaq2a6jpxd6mssdmwosvmjuq5cqozv6ubbvwtidgyzxrksigd2g.onion
TOOLS
TrickBot ADFind
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-05 Star Inc United States Construction Published
Technique ID Technique Name Tactic
T1039 Data from Network Shared Drive Collection
T1071.001 Web Protocols Command and Control
T1558.003 Kerberoasting Credential Access
T1055 Process Injection Defense Evasion
T1562.009 Safe Mode Boot Defense Evasion
T1047 Windows Management Instrumentation Execution
T1059.003 Windows Command Shell Execution
T1486 Data Encrypted for Impact Impact
T1531 Account Access Removal Impact

No YARA rules

No IoCs

No ransom notes