Total Victims: 0
First Seen: 2016-06-01
Last Seen: 2018-09-23
Known TTPs: 0
Avg Delay: 34.9d
Negotiations: 0
ONION URLS
s7oqplpwrldrzhk3ikddc4g2zywbfxksphswbsbpmvkvywgar7pfge74.onion
TOOLS
WinSCP, Certify, ScreenConnect, SharpDPAPI
FILE EXTENSIONS
.ransom
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

Type | Value | Description

No ransom notes