DominionStrike Defunct

Ransomware group first observed in 2016. Uses AnyDesk for deployment.
PDF Report Back to Groups
0
Total Victims
2016-09-01
First Seen
2019-07-06
Last Seen
19
Known TTPs
28.7d
Avg Delay
0
Negotiations
ONION URLS
4b7miub5b5webxc545t2kketrkkobxbn2z2utpth6comysjrej6cafpn.onion
TOOLS
AnyDesk MegaSync
FILE EXTENSIONS
.locked
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1105 Ingress Tool Transfer Command and Control
T1219 Remote Access Software Command and Control
T1572 Protocol Tunneling Command and Control
T1573.002 Asymmetric Cryptography Command and Control
T1003.003 NTDS Credential Access
T1070.004 File Deletion Defense Evasion
T1562.001 Disable or Modify Tools Defense Evasion
T1018 Remote System Discovery Discovery
T1049 System Network Connections Discovery Discovery
T1082 System Information Discovery Discovery
T1059.005 Visual Basic Execution
T1204.001 Malicious Link Execution
T1567.002 Exfiltration to Cloud Storage Exfiltration
T1489 Service Stop Impact
T1529 System Shutdown/Reboot Impact
T1531 Account Access Removal Impact
T1078 Valid Accounts Initial Access
T1190 Exploit Public-Facing Application Initial Access
T1548.002 Bypass UAC Privilege Escalation

No YARA rules

No IoCs

No ransom notes