Destiny Active

Ransomware group first observed in 2020. Uses Rclone for deployment.
PDF Report Back to Groups
0
Total Victims
2020-08-01
First Seen
2026-03-07
Last Seen
0
Known TTPs
28.5d
Avg Delay
0
Negotiations
ONION URLS
zgpimfsrj3fuyuctqudnfsqvqarwwkjknih47kdafdwqt3nxxp436dts.onion
TOOLS
Rclone FileZilla
FILE EXTENSIONS
.ransom
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
email recover182@firemail.cc Infrastructure linked to Destiny
md5 7e4ee9a37079772184a500ac0ba2f0ac Infrastructure linked to Destiny
sha1 92d35e2656038d3bbd94f1c8fb960b5fd8db06c3 Dropper hash observed in Destiny attacks
sha1 f9ebc9ee745da2269128d377a7cb5e5d6ad70c9a Dropper hash - Destiny campaign
email admin971@firemail.cc Contact email - Destiny campaign
tox FC07D9FE2E0CD124BC3377DFF233B763A1D10CC1971C7ED0D994B7050EFA006B75D1B5D2EADA Associated with Destiny ransomware
ip 222.94.102.63 C2 server IP - Destiny campaign

No ransom notes