DiomedesBlack Inactive
Ransomware group first observed in 2018. Uses ScreenConnect for deployment.
Total Victims: 0
First Seen: 2018-06-01
Last Seen: 2020-02-13
Known TTPs: 14
Avg Delay: 13.1d
Negotiations: 0
ONION URLS
zm3jgz34ckp7lu3oah544wysbw2xezubhp23b3rw6gnj2nfqpjwfuxuc.onion
TOOLS
ScreenConnect
PsExec
ngrok
FILE EXTENSIONS
.enc

| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1074.001 | Local Data Staging | Collection |
| T1071.001 | Web Protocols | Command and Control |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1110.001 | Password Guessing | Credential Access |
| T1070.004 | File Deletion | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1204.002 | Malicious File | Execution |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1491.001 | Internal Defacement | Impact |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
| T1136.001 | Local Account | Persistence |
| T1543.003 | Windows Service | Persistence |
No YARA rules
No ransom notes